Security of wireless keyboards: threats, vulnerabilities and countermeasures

  • Siniša V. Jovanović Serbian Armed Forces, General Staff, Telecommunications and Information Security Directorate (J-6), Centre for Applied Mathematics and Electronics, Belgrade, Republic of Serbia https://orcid.org/0009-0002-6088-9553
  • Danijela D. Protić Serbian Armed Forces, General Staff, Telecommunications and Information Security Directorate (J-6), Centre for Applied Mathematics and Electronics, Belgrade, Republic of Serbia https://orcid.org/0000-0003-0827-2863
  • Vladimir D. Antić Serbian Armed Forces, General Staff, Telecommunications and Information Security Directorate (J-6), Centre for Applied Mathematics and Electronics, Belgrade, Republic of Serbia https://orcid.org/0000-0001-9843-0743
  • Milena M. Grdović Serbian Armed Forces, General Staff, Telecommunications and Information Security Directorate (J-6), Centre for Applied Mathematics and Electronics, Belgrade, Republic of Serbia https://orcid.org/0000-0003-4310-7935
  • Dejan A. Bajić Serbian Armed Forces, General Staff, Telecommunications and Information Security Directorate (J-6), Centre for Applied Mathematics and Electronics, Belgrade, Republic of Serbia https://orcid.org/0009-0007-5283-4110
DOI: https://doi.org/10.5937/vojtehg71-43239
Keywords: wireless keyboard, radio frequency, electromagnetic emission, software defined radio

Abstract


Introduction/purpose: This paper provides an overview of research on computer system vulnerabilities caused by compromised electromagnetic radiation by wireless keyboards. Wireless devices that use event-triggered communication have been shown to have critical privacy issues due to the inherent leakage associated with radio frequency emissions. Wireless connectivity technology is a source of signal emanation that must be protected in terms of performance and security.

Methods: Wireless device vulnerabilities and side-channel attacks are observed, along with electromagnetic emission of radio waves.

Results: The findings highlight a specific wireless keyboard's security and encryption flaws. The results of penetration testing reveal vulnerabilities of targeted wireless keyboards in terms of outdated firmware, encryption, wireless reliability, and connection strength.

Conclusion: Wireless keyboards have security flaws that disrupt radio communication, giving a malicious user complete access to the computer to which the keyboard is connected. An attacker can steal sensitive data by observing how the system works using compromised electromagnetic emissions.

References

-ANSI webstore. 1999. ANSI INCTIS 154-1998 (R1999). Office machines and supplies – Alphanumeric machines – Keyboard arrangement (Formerly ANSI X3. 154-1988 (R1999)) [online]. Available:  https://webstore.ansi.org/standards/incits/ansiincits1541988r1999 [Accessed: 05 January 2023].

Barthe, G., Gregorie, B. & Laporte, V. 2018. Secure Compilation of Side Channel Countermeasures: The Case of Cryptographic “Constant-Time”. In: 2018 IEEE 31st Computer Security Foundations Symposium (CSF), Oxford, UK, pp.328-343, July 09-12. https://doi.org/10.1109/CSF.2018.00031.

-Bastille Networks Internet Security. 2023. KeySniffer affected devices [online]. Available at: https://keysniffer.net/affected-devices [Accessed: 05 January 2023].

Chamran, M.K., Yau, K.-L.A., Noor, R.M.D. & Wong, R. 2019. A Distributed Testbed for 5G Scenarios: An Experimental Study. Sensors, 20(1), art.number:18. Available at: https://doi.org/10.3390/s20010018.

Chauhan, P. 2020. What is keyboard? & Types of keyboard. RKR Knowledge, 12 May [online]. Available at: https://rkrknowledge.com/what-is-keyboard-types-of-keyboard/ [Accessed: 05 January 2023].

de Jesus Rugeles Uribe, J., Guillen, E.P. & Cardoso. L.S. 2022. A technical review of wireless security for the internet of things: Software defined radio perspective. Journal of King Saud University – Computer and Information Sciences, 34(7), pp.4122-4134. Available at: https://doi.org/10.1016/j.jksuci.2021.04.003.

Deeg, M. & Klostermeier, G. 2019. New tales of wireless input devices. SlideShare [online]. Available at: https://www.slideshare.net/proidea_conferences/new-tales-of-wireless-input-devices-matthias-deeg-gerhard-klostermeier [Accessed: 05 January 2023].

Duarte, L., Gomes, R., Riberio, C. & Caldeirinha, R.F.S. 2019. A Software-Defined-Radio for future wireless communication systems at 60 GHz. Electronics, 8(12), art.number:1490. Available at: https://doi.org/10.3390/electronics8121490.

-ETSI. 2011. Final draft EN 301 489-1 V1.9.2. (2011-04) Electromagnetic compatibility and Radio spectrum Matters (ERM); Electromagnetic Compatibility (EMC) standard for radio equipment and services; Part 1: Common technical requirements [online]. Available at: https://www.etsi.org/deliver/etsi_en/301400_301499/30148901/01.09.01_40/en_30148901v010901o.pdf [Accessed: 05 January 2023]. 

-ETSI. 2012. ETSI EN 300 386 V16.1. (2012-09) Electromagnetic compatibility and Radio spectrum Matters (ERM); Telecommunication network equipment; ElectroMagnetic Compatibility (EMC) requirements [online]. Available at: https://www.etsi.org/deliver/etsi_en/300300_300399/300386/01.06.01_60/en_300386v010601p.pdf [Accessed: 05 January 2023].

-ETSI. 2023. Electro Magnetic Compatibility [online]. Available at: https://www.etsi.org/technologies/emc [Accessed: 05 January 2023].

Garcia Reis, A.L., Barros, A.F., Gusso Lenzi, K., Pedroso Meloni, L.G. & Barbin, S.E. 2012. Introduction to the Software-defined Radio Approach. IEEE Latin America Transactions, 10(1), pp.1156-1161. Available at: https://doi.org/10.1109/TLA.2012.6142453.

Gatlan, S. 2019. Logitec unifying receivers vulnerable to key injection attacks. Bleeping Computer [online]. Available at: https://www.bleepingcomputer.com/news/security/logitech-unifying-receivers-vulnerable-to-key-injection-attacks/ [Accessed: 05 January 2023].

Goodin, D. 2019. How a wireless keyboard lets hackers take full control of connected computers. arsTECHNICA [online]. Available at: https://arstechnica.com/information-technology/2019/03/how-a-wireless-keyboard-lets-hackers-take-full-control-of-connected-computers/ [Accessed: 05 January 2023].

Grdović, M.M, Protić, D.D, Antic, V.D. & Jovanovic, B.Ž. 2022. Electromagnetic information leakage from the computer monitor. Vojnotehnički glasnik/Military Technical Courier, 70(4), pp.836-855. Available at: https://doi.org/10.5937/vojtehg70-38930

Griskenas, S. 2023. What is wireless keyboard security? Everything you need to know. Nord VPN [online]. Available at: https://nordvpn.com/blog/what-is-wireless-keyboard-security/ [Accessed: 05 January 2023].

-ISO. 2009. ISO/IEC 9995-1:2009. Information technology – Keyboard layouts for text and office systems – Part 1: General principles governing keyboard layouts [online]. Available at: https://www.iso.org/standard/51645.html [Accessed: 05 January 2023].

-ITU. 2014. K.84: Test methods and guide against information leaks through unintentional electromagnetic emission [online]. Available at: https://www.itu.int/rec/T-REC-K.84/en [Accessed: 05 January 2023].

-JSAJIS. 2018. JIS X 6002:1980 English Edition Keyboard layout for information processing using the JIS 7 bit coded character set [online]. Available at: http://www.jsajis.org/index.php?main_page=product_info&cPath=4&products_id=16459 [Accessed: 05 January 2023].

Liu, H., Spolaor, R., Turrin, F., Bonafede, C. & Conti, M. 2021. USB powered devices: A survey of side-channel threats and countermeasures. High-Confidence Computing, 1(1), art.ID:100007. Available at: https://doi.org/10.1016/j.hcc.2021.100007

-Logitech. 2022. Logi Bolt Secure, robust wireless connections. Logitech [online]. Available at: https://www.logitech.com/content/dam/logitech/en/business/pdf/logi-bolt-white-paper.pdf [Accessed: 05 January 2023].

-Logitech. 2023. Setting a new standard in wireless peripheral security. Today’s work-from-anywhere workplace demands enhanced protection. Logitech [online]. Available at: https://www.logitech.com/en-us/business/resources/wireless-peripheral-security.html [Accessed: 05 January 2023].

Mangard, S., Oswald, E. & Popp, T. 2007. Power Analysis Attacks: Revealing the Secrets of Smart Cards. New York, NY: Springer. Available at: https://doi.org/10.1007/978-0-387-38162-6

Markagić, M.S. 2018. Compromising electromagnetic radiation–challenges, threats and protection. Vojnotehnički glasnik/Military Technical Courier, 66(1), pp.143-153. Available at:  https://doi.org/10.5937/vojtehg66-8691

Molina-Tenorio, Y., Prieto-Guerrero, A. & Aguilar-Gonzales, R. 2021. Real-Time Implementation of Multiband Spectrum Sensing Using SDR Technology. Sensors, 21(10), art.number:3506. Available at: https://doi.org/10.3390/s21103506.  

-NIST National Institute of Standards and Technology. 2001. Advanced Encryption Standard (AES). Federal Information Processing Standards. NIST National Institute of Standards and Technology, NIST Technical Series Publications. Available at: https://doi.org/10.6028/NIST.FIPS.197

Oligeri, G., Sciancalepore, S., Raponi, S. & Di Pietro, R. 2020. BrokenStrokes: on the (in)security of wireless keyboards. In: WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks, Linc, Austria, pp.231-241, July 08-10. Available at: https://doi.org/10.1145/3395351.3399351

Pohl, J. & Noack, A. 2019. Automatic Wireless Protocol Reverse Engineering. In: Proceedings of 13th USENIX Workshop on Offensive Technologies (WOOT 19), Santa Clara, CA: USENIX Association, August [online]. Available at: https://www.usenix.org/conference/woot19/presentation/pohl [Accessed: 05 January 2023].   

Sadiku, M.N.O. & Akujuobi, C.M. 2004. Software-defined radio: a brief overview. IEEE Potentials, 23(4), pp.14-15. Available at: https://doi.org/10.1109/MP.2004.1343223

Sayakkara, A., Le-Khac, N.-A. & Scanlon, M. 2018. Accuracy Enhancement of Electromagnetic Side-Channel Attacks on Computer Monitors. In: ARES 2018: Proceedings of the 13th International Conference on Availability, Reliability and Security, Hamburg, Germany, August 27-30. Available at: https://doi.org/10.1145/3230833.3234690

Sheimo, M. 2021. Ahhh! My mouse and keyboard were hacked! Sikich, 23 June [online]. Available at: https://www.sikich.com/insight/ahhh-my-mouse-and-keyboard-were-hacked/ [Accessed: 05 January 2023].   

Sim, D.-J., Lee, H.S., Yook, J.-G. & Sim, K. 2016. Measurements and analysis of the compromising electromagnetic emanations from USB keyboard. In: 2016 Asia-Pacific International Symposium on Electromagnetic Compatibility (APEMC), Shenzhen, pp.518-520, May 17-21. Available at: https://doi.org/10.1109/APEMC.2016.7522785

Stewart, R.W., Barlee, K.W., Atkinson, D.S.W. & Crockett, L.H. 2015. Software Defined Radio Using MATLAB & Simulink and the RTL-SDR. Glasgow, UK: Strathclyde Academic Media. ISBN: 978-0-9929787-2-3.

Tomsic, N. 2022. Penetration testing wireless keyboards. Are your devices vulnerable? Degree Project in Computer Science and Technology. Stockholm, Sweden: KTH Royal Institute of Technology [online]. Available at: https://www.diva-portal.org/smash/record.jsf?dswid=-5484&pid=diva2%3A1701492 [Accessed: 05 January 2023].

Vuagnoux, M. & Pasini, S. 2009. Compromising Electromagnetic Emanations of Wired and Wireless Keyboards. USENIX [online]. Available at: https://www.usenix.org/legacy/events/sec09/tech/full_papers/vuagnoux.pdf [Accessed: 05 January 2023].

Wadell, K. 2016. Hackers Can Spy on Wireless Keyboards From Hundreds of Feet Away: There’s a gaping security hole in eight popular models. The Atlantic, 26 July [online]. Available at: https://www.theatlantic.com/technology/archive/2016/07/hackers-can-spy-on-wireless-keyboards-from-hundreds-of-feet-away/492962/ [Accessed: 05 January 2023]. 

-WebNots. 2022. What are Different Types of Computer Keyboards? WebNots, 15 August [online]. Available at: https://www.webnots.com/what-are-different-types-of-computer-keyboards/ [Accessed: 05 January 2023].

Weiss, B. 2023. Can Your Wireless Keyboard Be Hacked? WyzGuys Cybersecurity [online]. Available at: https://wyzguyscybersecurity.com/can-your-wireless-keyboard-be-hacked/ [Accessed: 05 January 2023].

Whittaker, Z. 2016. Flaws in wireless keyboards let hackers snoop on everything you type. ZD Net, 26 July [online]. Available at: https://www.zdnet.com/article/millions-of-wireless-keyboards-at-risk-of-spying-by-hackers-in-new-attack/ [Accessed: 05 January 2023].

 

Published
2023/03/27
Issue
Vol. 71 No. 2 (2023): April-June
Section
Original Scientific Papers

Copyright (c) 2023 Siniša V. Jovanović, Danijela D. Protić, Vladimir D. Antić, Milena M. Grdović, Dejan A. Bajić

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

Proposed Creative Commons Copyright Notices

Proposed Policy for Military Technical Courier (Journals That Offer Open Access)

Authors who publish with this journal agree to the following terms:
Authors retain copyright and grant the journal right of first publication with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgement of the work's authorship and initial publication in this journal.

  1. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the journal's published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgement of its initial publication in this journal.
  2. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See The Effect of Open Access).