KeySweeper is a stealth Arduino-based device, cloned to a USB wall charger that wirelessly sniffs and decrypts, log and reports back over GSM all keystrokes from any Microsoft wireless keyboard within the vicinity.
Its developer has released instructions on how to build it online. The device, called the KeySweeper, comes as a working USB wall charger. However, it secretly monitors any Microsoft wireless keyboards within range and “passively sniffs, decrypts, logs and reports back” everything typed on them, its creator alleges. It could be used to record passwords and bank details, or capture confidential documents as they’re being typed.
It then send the collected data to the spy’s phone. The security flaw has been highlighted by Samy Kamkar, a security researcher and entrepreneur who has previously flagged up issues with Parrot drones, illicit smartphone tracking, the PHP programming language and as well built the Self-titled worm and the crazy hands free hacking necklace.
The device can be built for as little as $10, with optional features including sending SMS alerts when keywords are entered, and an internal rechargeable battery — meaning the device can keep logging keystrokes even when unplugged. Microsoft wireless keyboards encrypt their data before sending it wirelessly, but Kamkar claims to have discovered multiple bugs that make it easy to decrypt.
The researcher hasn’t tested it on every Microsoft wireless keyboard, but he believes that due to similarities between them, they will all be affected.