USB Wall Charger, KeySweeper, Can Secretly Log Keystrokes From Microsoft Wireless Keyboards
Samy Kamkar, a privacy and security researcher, has released a keylogger that is built to intercept the transmission from Microsoft wireless keyboards, hidden in what appears to be a large, but functional USD wall charger. The device, named KeySweeper, can sniff, decrypt, log, and report all keystrokes made by users, saving them locally and online.
Watch Out for KeySweeper
The KeySweeper includes a web-based tool which allows for live keystroke monitoring, the ability to send SMS alerts for target words, usernames, or URLs, as well as run while unplugged with a rechargeable internal battery. Kamkar told VentureBeat that the whole process only “took a few days” to complete. The KeySweeper works with most Microsoft keyboards. Microsoft commented saying:
“We are aware of reports about a ‘KeySweeper’ device and are investigating,”
The KeySweeper exploits bugs in the Microsoft keyboards including the fact that Microsoft keyboards all use the same first byte in their MAC address. This as well as a few other bugs, allows the KeySweeper to decrypt and nearby keyboard without having to specify its MAC address.
Kamkar says the unit cost for KeySweeper ranges from $10 to $80, depending on which functions you require. The hardware breakdown is as follows:
- $3 – $30: An Arduino or Teensy microcontroller can be used.
- $1: nRF24L01+ 2.4GHz RF Chip which communicates using GFSK over 2.4GHz.
- $6: AC USB Charger for converting AC power to 5v DC.
- $2 (Optional): An optional SPI Serial Flash chip can be used to store keystrokes on.
- $45 (Optional): Adafruit has created a board called the FONA which allows you to use a 2G SIM card to send/receive SMS, phone calls, and use the Internet directly from the device.
- $3 (Optional if using FONA): The FONA requires a mini-SIM card (not a micro-SIM).
- $5 (Optional, only if using FONA): The FONA provides on-board LiPo/LiOn battery recharging, and while KeySweeper is connected to AC power, the battery will be kept charged, but is required nonetheless.
The primary code is installed on the microcontroller while the web-based backend utilizes jQuery and PHP. Kamkat told VentureBeat:
“I hope this creates pressure to ensure that we have proper encryption in new wireless products that come out!”
Images via KeySweeper and Shutterstock.