When I looked at this circa 2001-2002, for another company, other 27MHz
keyboards didn't even bother to encrypt.  Most of the data was sent in
the clear, with neither encryption nor robust authentication.

Exactly what makes this problem so difficult eludes me, although one
suspects that the savage profit margins on consumables like keyboards
and mice might have something to do with it.


-----Original Message-----
[mailto:[EMAIL PROTECTED] On Behalf Of Leichter, Jerry
Sent: Friday, 7 December 2007 10:13 AM
To: cryptography@metzdowd.com
Subject: Intercepting Microsoft wireless keyboard communications


Computerworld coverage at


The main protection against interception is the proprietary protocol,
which these guys were able to reverse engineer.  The exchange is
"encrypted" using a Caesar cipher (XOR with a single byte that is the
common key, which is the only secret in the system); they say they can
determine the right key within 30 characters or so.  Their current
hardware can read the data from 33 feet away; with a better antenna,
well over a hundred feet should be possible.  These things operate at
27 MHz, which will penetrate walls easily.

Reading multiple keyboards at once is possible and they already do it.
They are looking at injecting data into the stream - presumably not very

Many other brands of wireless keyboard may well be equally vulnerable.

                                                        -- Jerry
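
The following is an added example, not part of the original message or of the researchers' work: it shows why XOR with a single shared byte gives no confidentiality, since all 256 keys can be tried and the output scored for plausibility. It assumes lowercase ASCII text and a constructed key (0x5A); the keyboard's actual packet format is not on this page and is not modelled.

```python
# Added illustration: single-byte XOR "encryption" and exhaustive key recovery.
# Assumptions (not from the thread): plaintext is lowercase ASCII text and the
# key 0x5A is arbitrary; the keyboard's real packet format is not modelled.

SAMPLE_PLAINTEXT = b"please send the report by noon"  # constructed, 30 chars
SAMPLE_KEY = 0x5A                                     # constructed


def xor_single_byte(data: bytes, key: int) -> bytes:
    """Encrypt or decrypt: XOR with one byte is its own inverse."""
    return bytes(b ^ key for b in data)


def plausibility(candidate: bytes) -> int:
    """Count bytes that look like typed text (lowercase letters or space)."""
    return sum(1 for b in candidate if b == 0x20 or 0x61 <= b <= 0x7A)


def recover_key(ciphertext: bytes) -> tuple[int, bytes]:
    """Try all 256 keys and keep the one whose output looks most like text."""
    best = max(range(256), key=lambda k: plausibility(xor_single_byte(ciphertext, k)))
    return best, xor_single_byte(ciphertext, best)


def chars_until_unique(ciphertext: bytes) -> int:
    """Smallest prefix length at which exactly one key has the top score."""
    for n in range(1, len(ciphertext) + 1):
        scores = [plausibility(xor_single_byte(ciphertext[:n], k)) for k in range(256)]
        if scores.count(max(scores)) == 1:
            return n
    return -1  # still ambiguous after the whole message


if __name__ == "__main__":
    ct = xor_single_byte(SAMPLE_PLAINTEXT, SAMPLE_KEY)
    key, text = recover_key(ct)
    print(f"ciphertext: {ct.hex()}")
    print(f"recovered key: 0x{key:02X}, plaintext: {text!r}")
    print(f"key unambiguous after {chars_until_unique(ct)} characters")
```

A link that resists this needs a per-device key far larger than one byte and a real cipher with authentication, not a larger XOR mask.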

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to
