security of wireless keyboards
Tom Metro
tmetro-blu-5a1Jt6qxUNc at public.gmane.org
Thu Jan 20 14:12:38 EST 2011
Matthew Gillen wrote:
> I can't bring myself to use a wireless keyboard. I just don't like the
> idea of broadcasting my passwords out to anyone within listening
> distance.
The Security Now podcast has covered the security of wireless keyboards
a few times. In episode 269 Steve Gibson says:

  ...the wireless keyboards have such weak security that essentially,
  when you turn the keyboard on, it chooses an eight-bit byte randomly
  and XORs the data that's being sent with that byte. ...the data is
  not technically in the clear. It's not plaintext. But, boy, I mean,
  it would just be a fun and relatively short exercise to decrypt that
  stream. It would be trivial to decrypt it. ... So the encryption of
  wireless keyboards is virtually ineffective.

And in episode 271 he says:

  Yeah, I wanted to quickly calm everyone's nerves over the issue of
  keyboard security. ... I did some research, read some whitepapers and
  some security evaluations and so forth. And the good news is Logitech
  got it 100 percent correct. They did a beautiful job. ... There's
  nonvolatile memory in the keyboard and in what they call their little
  unifying receiver. This is Logitech's new technology.

  So at the factory, nonvolatile memory in the keyboard and in the
  unifying receiver are synchronized with the same 128-bit symmetric
  key, which the AES algorithm uses to encrypt keystrokes. So if you
  repair the keyboard, because for example you might pair it with a
  different receiver that hasn't seen that keyboard before, the pairing
  process does exactly the right thing. There are pseudorandom number
  generators at each end. They're able to establish a new key without
  it ever going over the wire, over the air, in the clear, in order to
  synchronize a new key that they agree upon on the fly. That's written
  into nonvolatile RAM and kept there.

  ...I haven't looked at anybody else's. But I know that the unifying
  receiver technology that Logitech has is doing this. And it does say
  in the specs, just in the regular top-level specs, 128-bit AES
  encryption. So that's the way they implemented it. I would imagine
  anything that Logitech has done, even if it's not the K320 wireless
  keyboard, that also says that would be using the same technology,
  which means you can trust it.

So the level of security depends on the keyboard, with at least some of
the newer models having adequate security.

And elsewhere in that episode:

  ...anything Bluetooth is, well, okay. Anything Bluetooth is way more
  secure than a simple 8-bit XOR, if for no other reason than almost
  nothing could be less secure than an 8-bit XOR. ... Bluetooth is good
  security, very good security.

Episodes 280 and 283 cover Bluetooth in depth. (I haven't listened to
them yet.)

Episode 269:
  transcript: http://www.grc.com/sn/sn-269.txt
  audio: http://media.grc.com/sn/sn-269.mp3

Episode 271:
  transcript: http://www.grc.com/sn/sn-271.txt
  audio: http://media.grc.com/sn/sn-271.mp3

Other episodes:
  http://www.grc.com/securitynow.htm

-Tom
--
Tom Metro
Venture Logic, Newton, MA, USA
"Enterprise solutions through open source."
Professional Profile: http://tmetro.venturelogic.com/
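
Added example, not part of the original post or the podcast: a Python sketch of why the fixed 8-bit XOR described in the episode 269 quote gives no confidentiality, since the whole key space is 256 values. The sample text, the function names and the plausibility score are constructed for illustration and do not model any real keyboard's radio protocol.

```python
import string

# Constructed sample standing in for a stream of typed characters.
SAMPLE_TYPED = b"the quick brown fox types a passphrase on a wireless keyboard"

LETTERS_AND_SPACE = set(string.ascii_letters.encode()) | {0x20}
PRINTABLE = set(string.printable.encode())


def xor_stream(data: bytes, key: int) -> bytes:
    """The scheme as quoted: every byte XORed with one fixed 8-bit value."""
    return bytes(b ^ key for b in data)


def plausibility(candidate: bytes) -> int:
    """Crude 'looks like typed text' score (an assumption of this example):
    +1 per letter or space, -5 per non-printable byte."""
    score = 0
    for b in candidate:
        if b in LETTERS_AND_SPACE:
            score += 1
        elif b not in PRINTABLE:
            score -= 5
    return score


def recover_key(ciphertext: bytes) -> tuple[int, bytes]:
    """Try all 256 keys and keep the one whose output looks most like text."""
    best = max(range(256), key=lambda k: plausibility(xor_stream(ciphertext, k)))
    return best, xor_stream(ciphertext, best)


def same_byte_pattern(a: bytes, b: bytes) -> bool:
    """True if equal bytes sit at the same positions in both streams.
    A fixed XOR always preserves this, so repeated characters stay visible
    even before any key is tried."""
    def first_seen(s: bytes) -> list[int]:
        return [s.index(x) for x in s]
    return first_seen(a) == first_seen(b)


if __name__ == "__main__":
    key = 0xA7  # constructed key for the demo
    captured = xor_stream(SAMPLE_TYPED, key)
    print("captured :", captured.hex())
    print("pattern kept:", same_byte_pattern(SAMPLE_TYPED, captured))
    found, text = recover_key(captured)
    print(f"key 0x{found:02x} after at most 256 trials -> {text!r}")
    print("AES-128 key space for comparison:", 2 ** 128)
```

The same search against a 128-bit AES key is not feasible, which is the difference the two podcast quotes turn on.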