I aways wondered if the communication channel between my wireless keyboard and the usb receiver-antena is secure. I never bother to reseach this. Today I figured out the practical way. I turned on my pc at work and I tried to type the first letter of my password. Nothing hapened. Then I started spamming that letter. Still nothing, until the person next to me said “my keyboard is typing all by itself”. It turns out she has a wireless mouse with a seemigly identical receiver-antena usb.

The moral of the story. If it was so easy to almost leak my password unintentionally due to this flaw of wireless keyboard communication, imagine wad a bad actor can do intentionally. Why try to brute force, social engineer e.t.c. when your password can be stollen in transit from your keyboard to your pc.

81 points

Bluetooth data transmission is encrypted. Initialization typically happens only through the press of a physical button.

I assume you’re using wireless devices of the same manufacturer, that uses an alternative that is not Bluetooth, and has automatic pairing without a safeguard.

This is not about wireless primarily. Use a decent product and standard and you don’t have that issue.

permalink
report
reply
18 points

Bluetooth isn’t guaranteed to be safe either. It can be safe, with the proper configuration (which depends on the manufacturer, you usually can’t change it), but it can also be very vulnerable

permalink
report
parent
reply
2 points

How so? You mean which encryption is being used? The Bluetooth demanded minimum is not enough?

permalink
report
parent
reply
5 points

Earlier this year i was reading the bluetooth specification (of course not all of it, certain parts only, it’s quite long) and I remember that there are pairing modes which can’t guarantee that the connection is secure, because the method does not make sure that the connection cannot be eavesdropped by an attacker to obtain the keys that’ll be used.
Of course better devices will already be paired in the factory… but that’s not all of them, and how do you even verify that it has been paired in the factory, or it just randomly pairs with whatever it finds in pairing mode? Or how do you verify that they correctly verify the incoming packets?
But for the user-pairable ones, the security of the connection depends a lot on what pairing mode will you use, there’s a huge difference if you just press a button and done, or when you can somehow input codes on both devices.

And it’s not even just about whether you trust your devices to follow the bluetooth specifications correctly. Bluetooth had many different security mechanisms over the years, for the different bluetooth versions, many of which don’t protect against certain types of attacks and situations, or which are just plainly insecure.
But they still exist and they are still used by some (or more) manufacturers who just don’t care.
Also keep in mind that for compatibility many Bluetooth devices also support communication with older versioned devices.

This stackoverflow post tries to summarize a part of the evolution of bluetooth security. Hopefully with it the above will make sense

But then bluetooth vulnerabilities are also not unkown, both software and hardware based.

permalink
report
parent
reply
Deleted by creator
permalink
report
reply
5 points
*

Thanks. For what kind of specs I should be looking when byuing a wireless product? What key words I should be looking for?

permalink
report
parent
reply

[This comment has been deleted by an automated system]

permalink
report
parent
reply
3 points

I’ll probably going to update to wired. It has all of the advanteges except portability. The only reason I got that wireless keyboard was that I needed something small, chaeap and portable.

permalink
report
parent
reply
1 point

Hmm, do you want a keyboard with firmware updates that encrypts keybresses…

Or simply use USB?..

permalink
report
parent
reply

[This comment has been deleted by an automated system]

permalink
report
parent
reply
9 points

Still using a PS/2 keyboard from like 2007. Checkmate.

permalink
report
reply
7 points

I guess being old fashioned and sticking with my model M has it’s advantages.

permalink
report
reply
2 points

The guy sitting next to you hates you

permalink
report
parent
reply
6 points

All my passwords are random characters and I just copy/paste out of bitwarden. Can’t leak that with a wireless keyboard.

permalink
report
reply
2 points

Does that work for logging in?

permalink
report
parent
reply
1 point

I only log in on my own devices. On devices that I don’t own, I change the password afterwards.

permalink
report
parent
reply
4 points

I think they mean logging into the device itself. Like, if you have a computer at work with a work login, etc.

permalink
report
parent
reply
1 point

So what you’re saying is that the password to get all your passwords from the cloud is typed onto a wireless keyboard?

permalink
report
parent
reply

Privacy

!privacy@lemmy.ml

Create post

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

  • Posting a link to a website containing tracking isn’t great, if contents of the website are behind a paywall maybe copy them into the post
  • Don’t promote proprietary software
  • Try to keep things on topic
  • If you have a question, please try searching for previous discussions, maybe it has already been answered
  • Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
  • Be nice :)

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

Community stats

  • 4.6K

    Monthly active users

  • 2.9K

    Posts

  • 78K

    Comments