When I looked at this circa 2001-2002, for another company, other 27MHz keyboards didn't even bother to encrypt. Most of the data was sent in the clear, with neither encryption nor robust authentication.
Exactly what makes this problem so difficult eludes me, although one suspects that the savage profit margins on consumables like keyboards and mice might have something to do with it.

Ian.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Leichter, Jerry
Sent: Friday, 7 December 2007 10:13 AM
To: cryptography@metzdowd.com
Subject: Intercepting Microsoft wireless keyboard communications

http://www.dreamlab.net/download/articles/Press%20Release%20Dreamlab%20Technologies%20Wireless%20Keyboard.pdf

Computerworld coverage at
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9051480

The main protection against interception is the proprietary protocol, which these guys were able to reverse engineer. The exchange is "encrypted" using a Caesar cipher (XOR with a single byte that is the common key, which is the only secret in the system); they say they can determine the right key within 30 characters or so. Their current hardware can read the data from 33 feet away; with a better antenna, well over a hundred feet should be possible. These things operate at 27 MHz, which will penetrate walls easily. Reading multiple keyboards at once is possible and they already do it. They are looking at injecting data into the stream - presumably not very hard. Many other brands of wireless keyboard may well be equally vulnerable.

-- Jerry

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
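The single-byte XOR scheme described in the quoted message, as an added example that is not part of the original thread or of the researchers' work: it counts how many of the 256 possible keys stay consistent with a plaintext model as more ciphertext is observed. The sample text, the key value and the plaintext model (lowercase ASCII letters and spaces) are constructed assumptions; the keyboard protocol's real encoding is not described on the page and is not modelled.

```python
import string
from typing import List, Optional

# Assumed plaintext model: lowercase ASCII letters and space only.
ALPHABET = frozenset((string.ascii_lowercase + " ").encode())


def xor_byte(data: bytes, key: int) -> bytes:
    """The whole 'cipher': every byte XORed with the same one-byte key."""
    return bytes(b ^ key for b in data)


def surviving_keys(ciphertext: bytes) -> List[int]:
    """Keys (0..255) under which every observed byte decrypts into ALPHABET."""
    return [k for k in range(256)
            if all((c ^ k) in ALPHABET for c in ciphertext)]


def chars_until_unique(ciphertext: bytes) -> Optional[int]:
    """Smallest prefix length that leaves exactly one consistent key."""
    for n in range(1, len(ciphertext) + 1):
        if len(surviving_keys(ciphertext[:n])) == 1:
            return n
    return None


# Constructed sample: 30 characters of text under a constructed key.
SAMPLE = b"the quick brown fox jumps over"
KEY = 0x5A
CIPHERTEXT = xor_byte(SAMPLE, KEY)

if __name__ == "__main__":
    # The key space is 8 bits, so each observed byte only has to rule out
    # at most 255 wrong keys; no key schedule or diffusion stands in the way.
    for n in (1, 2, 3, 4, len(CIPHERTEXT)):
        print(f"{n:2d} bytes observed -> "
              f"{len(surviving_keys(CIPHERTEXT[:n]))} keys still consistent")
    print("unique after", chars_until_unique(CIPHERTEXT), "bytes")
```

The assumed alphabet is narrower than real keyboard traffic, so the candidate set collapses faster here than the roughly 30 characters reported in the message; a broader plaintext model needs more bytes, but the search is still bounded by 256 keys.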