tech_hw_tastatur_funk   2

Flaws in Wireless Mice and Keyboards Let Hackers Type on Your PC
That’s a new warning from researchers at the Internet of things security firm Bastille, who released an advisory today that seven different companies’ wireless keyboards and mice are vulnerable to an exploit they’ve dubbed “mousejacking.” The attack—which affects a broad collection of devices sold by Logitech, Dell, Microsoft, HP, Amazon, Gigabyte and Lenovo—lets an interloper inject mouse movements or keystrokes at a rate of a thousand words per minute from an nearby antenna, even when the target device is designed to encrypt and authenticate its communications with a paired computer. Rouland points out that the exploit, which affects devices that use a little-studied proprietary radio protocol rather than Wi-Fi or Bluetooth, leaves even PCs that have been “airgapped”—isolated from the Internet—vulnerable if someone has plugged in a wireless keyboard dongle. Bastille’s mousejack attack doesn’t take advantage of one single vulnerability, but instead a collection of distinct problems in the firmware of wireless devices that use chips sold by the Norwegian firm Nordic Semiconductor. Nordic chips are capable of encryption. But unlike standard Bluetooth chips, the Norwegian firm’s cheap, low-power shortrange radio communications chips require that vendors write their own firmware to implement that encryption and secure the connection between computers and peripheral devices. The result, Bastille’s researchers say, is that many of the affected companies failed to take advantage of Nordic’s encryption option, allowing the dongles that receive those communications to accept keystrokes from another device using the same radio protocol. Most of the vulnerable keyboards did encrypt their communications, the researchers say, but didn’t properly authenticate communicating devices; they would still allow another rogue device to inject unencrypted keystrokes over the same connection. Rouland argues that the attack could quickly be used to download malware and take full remote control of a PC. But the computer would have to already be unlocked, a caveat that would likely require the attacker to be able to see his or her target’s screen.
wired, 23.02.2016
tech_hw_maus_funk  tech_hw_tastatur_funk  krypto_verschlüsselung_transport  itsicherheit_authentisierung_protokoll  itsicherheit_hardware  itsicherheit_by_obscurity  itsicherheit_exploit_flaw  itsicherheit_firmware_peripherie  unternehmen_bastille_networks  geheimdienst_us_nsa_cao_tao  geheimdienst_us_nsa_cao_tarex 
february 2016 by kraven
Wireless Desktop 2000: A guard dog on your desktop
Today, Microsoft announces a wireless mouse and keyboard combo designed with security in mind – the new Wireless Desktop 2000 – which incorporates Advanced Encryption Standard (AES) 128-bit technology to help secure your personal and business information by encrypting what you type. This is Microsoft’s first keyboard to feature AES 128-bit encryption.
microsoft hardware blog,02.06.2011
krypto_verschlüsselung_transport  krypto_algo_aes  unternehmen_microsoft  tech_hw_tastatur_funk  tech_hw_maus_funk 
june 2011 by kraven

related tags

geheimdienst_us_nsa_cao_tao  geheimdienst_us_nsa_cao_tarex  itsicherheit_authentisierung_protokoll  itsicherheit_by_obscurity  itsicherheit_exploit_flaw  itsicherheit_firmware_peripherie  itsicherheit_hardware  krypto_algo_aes  krypto_verschlüsselung_transport  tech_hw_maus_funk  unternehmen_bastille_networks  unternehmen_microsoft 

Copy this bookmark: