Skip to main content [aditude-amp id="stickyleaderboard" targeting='{"env":"staging","page_type":"article","post_id":1640422,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"A"}']

This USB wall charger secretly logs keystrokes from Microsoft wireless keyboards nearby

Image Credit: Samy Kamkar

Privacy and security researcher Samy Kamkar has released a keylogger for Microsoft wireless keyboards cleverly hidden in what appears to be a rather large, but functioning USB wall charger. Called KeySweeper, the stealthy Arduino-based device can sniff, decrypt, log, and report back all keystrokes — saving them both locally and online.

This is no toy. KeySweeper includes a web-based tool for live keystroke monitoring, can send SMS alerts for trigger words, usernames, or URLs (in case you want to steal a PIN number or password), and even continues to work after it is unplugged thanks to a rechargeable internal battery. That’s an impressive list of features, especially given that Kamkar told VentureBeat the whole process “took a few days” including a few over Christmas break and this past weekend when he decided “to properly document it.”

[aditude-amp id="flyingcarpet" targeting='{"env":"staging","page_type":"article","post_id":1640422,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"A"}']

This “spy tool” only affects Microsoft wireless keyboards, and it allegedly works with many, if not most, of them. As a result, we reached out to let the company know. “We are aware of reports about a ‘KeySweeper’ device and are investigating,” a Microsoft spokesperson told VentureBeat.

AI Weekly

The must-read newsletter for AI and Big Data industry written by Khari Johnson, Kyle Wiggers, and Seth Colaner.

Included with VentureBeat Insider and VentureBeat VIP memberships.

KeySweeper exploits multiple bugs, including the fact that all Microsoft keyboards use the same first byte in their MAC address. Along with a few other holes, it can thus allegedly decrypt any Microsoft keyboard nearby without having to specify its MAC address first.

Kamkar told VentureBeat that he tested KeySweeper “on a brand new keyboard I purchased only a few weeks ago from Best Buy.” Naturally he hasn’t tested it on all Microsoft keyboards — that’s a claim the company will undoubtedly have to verify itself.

In the meantime, Kamkar has put together a walkthrough video for a more in-depth look of KeySweeper:

Kamkar says the unit cost for KeySweeper ranges from $10 to $80, depending on which functions you require. The hardware breakdown is as follows:

  • $3 – $30: An Arduino or Teensy microcontroller can be used.
  • $1: nRF24L01+ 2.4GHz RF Chip which communicates using GFSK over 2.4GHz.
  • $6: AC USB Charger for converting AC power to 5v DC.
  • $2 (Optional): An optional SPI Serial Flash chip can be used to store keystrokes on.
  • $45 (Optional): Adafruit has created a board called the FONA which allows you to use a 2G SIM card to send/receive SMS, phone calls, and use the Internet directly from the device.
  • $3 (Optional if using FONA): The FONA requires a mini-SIM card (not a micro-SIM).
  • $5 (Optional, only if using FONA): The FONA provides on-board LiPo/LiOn battery recharging, and while KeySweeper is connected to AC power, the battery will be kept charged, but is required nonetheless.

As for the software, the primary code is installed on the microcontroller, while the web-based backend uses jQuery and PHP. KeySweeper’s source code and schematic are available on GitHub.

[aditude-amp id="medium1" targeting='{"env":"staging","page_type":"article","post_id":1640422,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"A"}']

KamKar hopes his project will do more than just give would-be spies a how-to guide. He told VentureBeat: “I hope this creates pressure to ensure that we have proper encryption in new wireless products that come out!”

Update: “Keyboards from multiple manufacturers are affected by this device. Where Microsoft keyboards are concerned, customers using our Bluetooth-enabled keyboards are protected from this type of attack,” a Microsoft spokesperson told VentureBeat. “In addition, users of our 2.4GHz wireless keyboard designs from July 2011 onwards are also protected because these keyboards use Advanced Encryption Standard (AES) technology.”

Kamkar is checking if the technique does indeed work on keyboards from other manufacturers. However, he did note that his keyboard was manufactured just last year:

[aditude-amp id="medium2" targeting='{"env":"staging","page_type":"article","post_id":1640422,"post_type":"story","post_chan":"none","tags":null,"ai":false,"category":"none","all_categories":"business,mobile,security,","session":"A"}']

So even though these are old designs, Microsoft is still selling wireless keyboards that are affected by this issue. The company wouldn’t comment on whether this is enough to push them towards replacing the old designs.

VentureBeat's mission is to be a digital town square for technical decision-makers to gain knowledge about transformative enterprise technology and transact. Learn More