Key-Sweeper

KeySweeper sniffing the keystrokes

KeySweeper is a stealthy Arduino-based device, disguised as a USB wall charger, that wirelessly sniffs, decrypts, logs and reports back over GSM all keystrokes from any Microsoft wireless keyboard in the vicinity.

Its developer has released instructions on how to build it online. The device, called the KeySweeper, comes as a working USB wall charger. However, it secretly monitors any Microsoft wireless keyboards within range and “passively sniffs, decrypts, logs and reports back” everything typed on them, its creator alleges. It could be used to record passwords and bank details, or capture confidential documents as they’re being typed.

It then sends the collected data to the spy’s phone. The security flaw has been highlighted by Samy Kamkar, a security researcher and entrepreneur who has previously flagged up issues with Parrot drones, illicit smartphone tracking and the PHP programming language, and who also built the self-titled worm and the crazy hands-free hacking necklace.

The device can be built for as little as $10, with optional features including sending SMS alerts when keywords are entered, and an internal rechargeable battery — meaning the device can keep logging keystrokes even when unplugged. Microsoft wireless keyboards encrypt their data before sending it wirelessly, but Kamkar claims to have discovered multiple bugs that make it easy to decrypt.

The researcher hasn’t tested it on every Microsoft wireless keyboard, but he believes that due to similarities between them, they will all be affected.

Kamkar hasn’t just highlighted the vulnerability. He has released detailed instructions on how to build the device on GitHub. He’s also produced a half-hour video on KeySweeper.

What the KeySweeper can do.

KeySweeper charger decoy disassembled
  1. The charger clone recharges its internal battery when plugged into a power outlet, for use when unplugged…
  2. It also sniffs all wireless keyboard activity within 2.4GHz signal range in its vicinity.
  3. All keystrokes are logged online and locally, while SMS alerts are sent when a trigger word such as “USERNAME” or “URL” is noticed, exposing passwords and user privacy. The data stored locally can be grabbed via its USB or by placing another KeySweeper on it.
  4. A live web-based tool allows keystroke monitoring and can rip your password seamlessly as you type it.

What has Microsoft said?

A Microsoft spokesperson told VentureBeat that they “are aware of reports about a ‘KeySweeper’ device and are investigating.”

Later, a spokesperson from Microsoft also said that the vulnerability only affects keyboards using pre-2011 designs, because more recent ones “use Advanced Encryption Standard (AES) technology.”

However, Samy told TechCrunch that affected keyboards are still on sale. “The vulnerable keyboards are *still* being manufactured and sold today, even from Microsoft’s own web site and major retailers like Best Buy,” he said. “I purchased the vulnerable keyboard brand new from Best Buy just last month, and the date next to the serial number says ‘07/2014’.”