I aways wondered if the communication channel between my wireless keyboard and the usb receiver-antena is secure. I never bother to reseach this. Today I figured out the practical way. I turned on my pc at work and I tried to type the first letter of my password. Nothing hapened. Then I started spamming that letter. Still nothing, until the person next to me said “my keyboard is typing all by itself”. It turns out she has a wireless mouse with a seemigly identical receiver-antena usb.

The moral of the story. If it was so easy to almost leak my password unintentionally due to this flaw of wireless keyboard communication, imagine wad a bad actor can do intentionally. Why try to brute force, social engineer e.t.c. when your password can be stollen in transit from your keyboard to your pc.

  • Kissaki@feddit.deEnglish
    771·
    1 year ago

    Bluetooth data transmission is encrypted. Initialization typically happens only through the press of a physical button.

    I assume you’re using wireless devices of the same manufacturer, that uses an alternative that is not Bluetooth, and has automatic pairing without a safeguard.

    This is not about wireless primarily. Use a decent product and standard and you don’t have that issue.

  • Phanatik@kbin.social
    6·
    1 year ago

    My Wireless keyboard is a Keychron. It doesn’t have a dedicated adapter, it’ll connect to any device with Bluetooth capabilities. From what I’ve seen of how it works, is that it can store up to 3 device signatures to automatically connect to (you can choose which of the three is active). What I assume it’s storing is the MAC address which I thought is unique to the device.

  • RovingFox@infosec.pub
    71·
    1 year ago

    All my passwords are random characters and I just copy/paste out of bitwarden. Can’t leak that with a wireless keyboard.

  • voxel@sopuli.xyz
    5·
    1 year ago

    do you have one with 2.4ghz receiver?
    like one of the plug and connect; no pairing required ones?
    yeah these are garbage…

  • akulium@feddit.de
    4·
    1 year ago

    It is also problematic that you can send keypresses to the other person, especially since she was only using the receiver for a mouse.

  • Zellith@kbin.social
    41·
    1 year ago

    I don’t use wireless because batteries suck to deal with. I learned that in my teens with a wireless headset, wireless mouse and wireless keyboard!

    • vrojak@kbin.social
      61·
      1 year ago

      I don’t know how old you are, but I used to think the same thing in my teens, however nowadays wireless nice last pretty long on a single charge. Mine lasts about 3 months, and in endurance mode like half a year.

    • mishimaenjoyer@kbin.social
      5·
      1 year ago

      modern (bt) devices usually have a built in battery that can be recharged via cable (or use the cable to connect the device to it’s computer), so that issue is off the table, at least for better devices.

  • Doll_Tow_Jet-ski@kbin.social
    2·
    1 year ago

    Shit my current computer only works with wireless keyboard…Although I guess I could get a regular one and use one of the USB ports. Good to know, thanks.

        • Successful_Try543@feddit.de
          2·
          1 year ago

          According to Wikipedia, wireless USB should be secure too: “The goal of the specification was to preserve the functional model of USB, based on intelligent hosts and behaviorally simple devices, while allowing it to operate in a wireless environment and keeping security on a par with the levels offered by traditional wired systems.”

  • Destide@feddit.ukEnglish
    32·
    1 year ago

    Don’t use cheap ones with white label components. Sender and receiver having a shared key would resolve this.