SHUT UP GADI ! On Mon, Mar 10, 2008 at 5:59 AM, Markus Jansson <[EMAIL PROTECTED]> wrote:
> I decided to write here after not getting any real response from any > vendor or security forums that I have written about the subject in the > past few months. The issue is relatively simple and affecting a lot of > people, companies and propably even goverment officials: Wireless > keyboards. > > Now, we know that most of the wireless keyboards are just stupid, if > not analog, atleast somehow buggy and cheap pieces of tech that work > on various RF bands. Some of them have been analysed and cracked wide > open and ofcourse nobody is patching them up at all. For example here > is a good example to proof my point: > http://www.theregister.co.uk/2007/12/03/wireless_keyboard_crypto_cracked/ > > Is this a big issue? Oh yes. > What point is having a good 32+ char passphrase on your www-accounts, > 63marks long WPA2-PSK and PGP encryption in your emails...if you type > them all with wireless keyboard, that can be easily eavesdropped maybe > over 100yards away? Or is it just me thinking its "weakest link in the > chain of security"? > > >From my knowledge, Id say the best option for secure wireless keyboard > is somekind of bluetooth keyboard that actually, REALLY works like > bluetooth is supposed to work. You know, a wireless keyboard that > would allow its default PIN (which is usually 1234 or 0000) to be > changed in secure fashion to something long and complext (well, lets > say 16 or 32 marks long)...and that would only allow encrypted and > authenticated connections and would not broadcast its existance to the > rest of the world. > > Sure, there has been cracks in bluetooth and its crypto, like here: > http://www.terminodes.org/micsPublicationsDetail.php?pubno=1216 > that make you think that even bluetooths crypto, if it would actually > be used, is not good enought for wireless keyboards. But its still the > best we got right? > > WUSB might be a good replacement for bluetooth, but are there really > any secure ones available yet - or will there ever be? How can you > know they are secure - are you trusting the same manufactorers claims > that have for years marketed and sold insecure wireless keyboards > while claiming that they are secure? I dont. > > Is it just me or have someone else also payed attention to the > insecurity of the wireless keyboards - and the total silence around > this serious security issue? And how to fix this? How and where to get > wireless keyboards that are really secure? > > > > -- > http://www.markusjansson.net > http://markusjansson.blogspot.com > PGP: 6E9E375EC50A27FDB9DA1672A78C27BF735ADADA > PGP2: 9966C10DDC7F0DEDEC480A75FE952445F24D55DD > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
