PSA: Stay away from wireless keyboards - eviltoast

I aways wondered if the communication channel between my wireless keyboard and the usb receiver-antena is secure. I never bother to reseach this. Today I figured out the practical way. I turned on my pc at work and I tried to type the first letter of my password. Nothing hapened. Then I started spamming that letter. Still nothing, until the person next to me said “my keyboard is typing all by itself”. It turns out she has a wireless mouse with a seemigly identical receiver-antena usb.

The moral of the story. If it was so easy to almost leak my password unintentionally due to this flaw of wireless keyboard communication, imagine wad a bad actor can do intentionally. Why try to brute force, social engineer e.t.c. when your password can be stollen in transit from your keyboard to your pc.

  • 𝒍𝒆𝒎𝒂𝒏𝒏@lemmy.one
    link
    fedilink
    arrow-up
    4
    ·
    1 year ago

    Used to work in an office where dell’s wireless peripherals would every once in a while randomly enter pairing mode and connect to someone else’s machine… often to the humor of those nearby. Their tech was based on Logitech’s older Unifying stuff but I have no idea what they were thinking when adding auto pairing to it.

    For wireless peripherals do research beforehand if this is something you’re worried about. Personally I stick with newer logitech stuff, which encrypt the connection and don’t start auto-pairing when peripherals are switched on