Cybersecurity experts have found a new set of security vulnerabilities, deemed KeySniffer, that allow cybercriminals to eavesdrop and store a victim’s keystrokes when using non-Bluetooth keyboards through “unencrypted radio communication.” For a cost of under $100, cybercriminals can record keystrokes form hundreds of feet away. They are capable of “stealing payment card data, banking information, security questions, passwords, and any other private information typed on a vulnerable device,” explains SCMagazine.
Researchers also claim that there are currently vulnerable keyboards from at least eight vendors: Anker, EagleTec, General Electric, Hewlett-Packard, Insignia, Kensington, Radio Shack and Toshiba. Researchers have found that “higher-end” keyboards from manufactures such as Logitech, Dell and Lenovo are not susceptible to KeySniffer. One concerning thought that Bastille Research Team Member, Marc Newlin, pointed out is that these attacks are extremely difficult to detect. “Unless the malicious actor is caught in the act, or leaves behind a data collection device, there is really no way to know that somebody is eavesdropping on your keystrokes,” Newlin said. While cyber experts have not identified this tactic in the wild, it would be wise to upgrade to a Bluetooth keyboard since there is no way to know if cybercriminals are already eavesdropping on a device.