Dreamlab cracks the code to Microsoft's wireless keyboards

December 4, 2007 by Lisa Zyga weblog
Microsoft Wireless Optical Desktop 1000
Microsoft Wireless Optical Desktop 1000

Anyone using a wireless keyboard might be a little concerned with a recent announcement by the Swiss company Dreamlab Technologies.

The IT security center claims that it has developed simple technology that can "sniff out" the keystrokes typed on Microsoft´s Wireless Optical Desktop 1000 and 2000 keyboards. At distances of up to 10 meters, Dreamlab´s technology can capture and decrypt keystrokes that may contain information such as user names, passwords, credit card numbers, and confidential messages. With appropriate technical equipment, Dreamlab predicts that eavesdropping at even larger distances is possible.

Companies like Microsoft and Logitech use the 27 MHz radio band for communication between wireless keyboards and a computer. As Max Moser of Dreamlab Technologies says, "Wireless communication is only as secure as the encryption technology used. Due to its nature, it can be tapped with little effort."

Because Microsoft´s encryption technology uses only about 256 possible encryption keys, it did not take many tries for Dreamlab´s software to decode the data. In this case, just a simple radio receiver, a soundcard, and suitable software were enough to break the cryptography codes and tap into the radio frequencies.

Dreamlab says it immediately alerted the manufacturer to the security loophole, but it will be a long process to fix the problem. In the meantime, Dreamlab hopes that consumers using wireless keyboards will take caution when using any wireless keyboard.

Because Microsoft´s other wireless devices operate on similar technology, Dreamlab warns that these devices might also be prone to attacks. Some of these devices include the Wireless Optical Desktop 3000, Wireless Optical Desktop 4000 and other products in the 27 Mhz-based Wireless Laser Desktop series.

Dreamlab has not released the specific tools and methods used to break the code, but researchers at Dreamlab have created a presentation about their work explaining the procedures used and the pitfalls encountered during the analysis. They plan to present their work at future events, mainly for educational purposes. The company hopes that this information will make researchers more aware of the interesting topic of analyzing unknown radio-based data transmission.

More information:

Dreamlab´s white paper: "We know what you typed last summer"

Dreamlab´s Video

Copyright 2007 Lisa Zyga & Physorg.com.
All rights reserved. Web Sites and Bloggers may provide the introductory paragraph and a link to the story, but may not copy, redistribute, rewrite or publish the story in whole or in part without written permission of the author or publisher.

Related Stories

Recommended for you

New method analyzes corn kernel characteristics

November 17, 2017

An ear of corn averages about 800 kernels. A traditional field method to estimate the number of kernels on the ear is to manually count the number of rows and multiply by the number of kernels in one length of the ear. With ...

Optically tunable microwave antennas for 5G applications

November 16, 2017

Multiband tunable antennas are a critical part of many communication and radar systems. New research by engineers at the University of Bristol has shown significant advances in antennas by using optically induced plasmas ...


Adjust slider to filter visible comments by rank

Display comments: newest first

4.5 / 5 (2) Dec 04, 2007
Any physical attack that requires proximity is silly to a degree... its so much easier to do things like plant a customized Remote Access Trojan on a user's machine if you want their keystrokes or any other data.

There are vast techniques to gain keystrokes if the attacker has physical proximity (i.e. you could watch their hands, plant a web cam, shoulder surf, TEMPEST technology from the 80's, a well placed mirror may even do the trick, etc)

Security people are well of this and these guys are just wasting time to make a silly headline and drum up some press.
5 / 5 (2) Dec 04, 2007
I don't think so. I think this could actually be more serious then looking over someone's shoulder. Now that people know it can be done people are sure to innovate on the distance that wireless keyboards can be picked up. first 10 feet, next is outside the building. What is to stop someone from planting a receiver/recorder in a building and recording all the keyboard traffice? This is tremendous industrial espionage potential.
4 / 5 (1) Dec 04, 2007
What is to stop someone? r^-2
not rated yet Dec 05, 2007
I live halfway up a 13 story apartment building. If they improve that range just a little bit I could set up a receive right next to my computer and log everyone's keystrokes in the building:P. I wouldn't of course, but I bet there are people out there would would. How long will it be before little receivers start appearing stuffed into the bases of those fake plants in the lobbies of office buildings?
not rated yet Dec 05, 2007
Thankfully I've been wearing a tinfoil hat for two decades, so they can't get me even with their time machines.
not rated yet Feb 23, 2008
The argument that if you're close enough to receive the keyboard transmission, that you could just as well install a keystroke-capturing trojan, watch over someone's shoulder, etc. is silly in the context of this story, which is about situations where an attacker DOESN'T have access to the room where the keyboard is located. There are many rooms one doesn't have direct access to, but may have access to an adjoining room, or simply sit outside the building, close to the inaccessible room (or maybe not so close, as the article states), with a receiver. Security agencies recognize this possibility, and implement measures to prevent it from being a problem (wired keyboards, shielding, patrolling the outside of the building, etc.). Someone who scans their computer regularly for malware may just wipe any keystroke-recording trojans within a short time after it's been installed; someone concerned about security isn't likely to let someone watch over their shoulder as they type; etc. TEMPEST technology isn't a method for gathering keystrokes--it's a shielding methodology for preventing it. Yes, security people are already aware that wireless keyboard transmissions can be detected and decrypted, but I can't see anything wrong about announcing it to the general public, even if it's been stated before. Many companies show their ignorance of security precautions all the time, regardless of how informed "security people" are (because these companies often don't hire security people, or the right ones), resulting in theft of data, including wireless taps--it recently happened with the Target store chain, with someone sitting in a car with a wifi receiver, resulting in theft of thousands of credit card numbers and other info. If the non-tech-aware people who run these companies were exposed to more articles like this one, detailing possible methods of data theft, then maybe they'd get it through their heads to start implementing better security procedures.

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.