Bastille, the first cybersecurity company to detect and mitigate threats from the Internet of Things (IoT), today unveiled a massive vulnerability affecting the vast majority of low-cost wireless keyboards. Using a new attack that the Bastille Research Team has named “KeySniffer,” hackers can remotely “sniff” ALL the keystrokes of wireless keyboards from eight manufacturers from distances up to 250 feet away. When conducting a KeySniffer attack, hackers can eavesdrop and capture every keystroke a victim types in 100 percent clear text and then search for:
- Card numbers, expiration date, CVV code
- Bank account usernames and passwords
- Answers to security questions: name of your first pet, mother’s maiden name, etc.
- Network access passwords
- Any secrets: business or personal typed into a document or email
“When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product,” said Bastille Research Team member Marc Newlin, responsible for the KeySniffer discovery. “Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack.”