Wireless Keystroke Logger Disguised as USB Device Charger Targets Wireless Keyboards
Page Count: 3 pages
Date: April 29, 2016
Restriction: TLP: GREEN
Originating Organization: Federal Bureau of Investigation, Cyber Division
File Type: pdf
File Size: 400,857 bytes
File Hash (SHA-256): D0425EEF586E113504780F913D30648BF565A6CA1A8A15B6F915B110FEFE8DD2
KeySweeper is a covert device that resembles a functional Universal Serial Bus (USB) enabled device charger which conceals hardware capable of harvesting keystrokes from certain wireless keyboards. If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information. Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen.
KeySweeper is an Arduino-based device which is contained within the shell of a USB phone charger. It is capable of detecting and decrypting radio frequency (RF) signals from certain Microsoft wireless keyboards manufactured before 2011 (many of which are still available for purchase). The wireless keyboard transmits these RF signals so the associated dongle plugged into a computer can identify which keys the user types.
KeySweeper, which measures two to three inches, contains a Subscriber Identity Module (SIM) card that uses a cellular connection to send the data to an associated Web server. This SIM card also enables the device to send text messages to an associated mobile device when it picks up certain keywords such as Web site addresses. A small flash memory module can also store data if the SMS capability is somehow impeded.
KeySweeper is hidden within a USB device charger and can be powered directly from an electrical outlet to harvest, decrypt, transmit, and store stolen data. A rechargeable battery serves as optional backup power should the device be removed from the wall.
According to a Microsoft spokesperson, customers using Microsoft Bluetooth-enabled keyboards are protected against KeySweeper attacks. In addition, users of their 2.4GHz wireless keyboard designs produced after 2011 are also protected because those keyboards use Advanced Encryption Standard (AES) encryption technology.
Since Arduino devices are modular and programmable, an actor could harvest data by capturing and decrypting communications protocols from various other wireless devices, depending on the weakness or exploitability of that protocol’s encryption. The device is easy to overlook as it harvests and sends sensitive data to a collector.
Although KeySweeper was designed to harvest from a particular brand of wireless keyboard, a cyber actor could program the device to conduct reconnaissance against a variety of devices. Given that RF ranges for all wireless devices registered with the FCC are located on the FCC’s Web site, discovering the frequency for any registered device is relatively simple. An actor could swap out the RF board for one that matches the frequency of the other device.
A KeySweeper-like device could be used to harvest data from wireless devices other than wireless keyboards, to potentially include data from Bluetooth, Wi-Fi, or SMS traffic, depending on the difficulty of cracking a protocol’s chosen encryption method. Though the data could be collected, decryption depends on the configuration and protocol.
The primary method of defense is for corporations to restrict the use of wireless keyboards. Since the KeySweeper requires over-the-air transmission, a wired keyboard will be safe from this type of attack. However, if the use of a wireless keyboard cannot be prevented, then ensuring strong encryption on the keyboard is vital.
A keyboard using AES encryption makes it more difficult to read keystrokes, as there are currently no known practical attacks to read AES-encrypted data.
Keyboards using Bluetooth are also safe from KeySweeper because it listens on a different channel than the one on which Bluetooth transmits. However, Bluetooth keyboards must have encryption turned on and a strong pairing PIN to protect them from a similar type of data-harvesting attack.
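The keyboard guidance above can be applied as an inventory check. The following Python code is an added example, not part of the FBI notification; the CSV columns, asset tags and the vendor "ExampleCo" are constructed assumptions, and keyboards the guidance does not explicitly cover (2011 itself, unknown dates, other vendors) are flagged for review rather than assumed safe.

```python
import csv
import io

# Constructed inventory; column names, asset tags and "ExampleCo" are assumptions.
SAMPLE_INVENTORY = """asset,vendor,link,year,encryption,strong_pin
KB-001,Microsoft,2.4ghz,2009,,
KB-002,Microsoft,2.4ghz,2013,aes,
KB-003,Microsoft,2.4ghz,2011,,
KB-004,Microsoft,bluetooth,2014,on,yes
KB-005,ExampleCo,bluetooth,2015,on,no
KB-006,ExampleCo,2.4ghz,,,
KB-007,ExampleCo,wired,2012,,
"""

def classify(row):
    """Return (status, reason) for one keyboard record."""
    field = {k: (v or "").strip().lower() for k, v in row.items()}
    year = int(field["year"]) if field["year"].isdigit() else None
    if field["link"] == "wired":
        return "ok", "no over-the-air transmission"
    if field["link"] == "bluetooth":
        if field["encryption"] == "on" and field["strong_pin"] == "yes":
            return "ok", "Bluetooth with encryption on and a strong pairing PIN"
        return "review", "turn on Bluetooth encryption and set a strong pairing PIN"
    if field["link"] == "2.4ghz":
        if field["encryption"] == "aes":
            return "ok", "AES-encrypted 2.4GHz link"
        if field["vendor"] == "microsoft" and year is not None:
            if year < 2011:
                return "at_risk", "Microsoft 2.4GHz keyboard made before 2011"
            if year > 2011:
                return "ok", "Microsoft 2.4GHz design produced after 2011 (AES)"
        # The advisory does not cover 2011 itself, unknown dates or other vendors.
        return "review", "confirm the keyboard uses strong encryption"
    return "review", "unknown link type"

def audit(csv_text):
    """Map asset tag -> (status, reason) for every row in the inventory."""
    reader = csv.DictReader(io.StringIO(csv_text))
    return {row["asset"]: classify(row) for row in reader}

def needs_attention(csv_text):
    """Asset tags that are not confirmed safe, worst first."""
    order = {"at_risk": 0, "review": 1}
    flagged = [(order[s], a) for a, (s, _) in audit(csv_text).items() if s != "ok"]
    return [asset for _, asset in sorted(flagged)]

if __name__ == "__main__":
    for asset, (status, reason) in audit(SAMPLE_INVENTORY).items():
        print(f"{asset}: {status:8} {reason}")
```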
Additional best practices to prevent a compromise could include but are not limited to office policies that address mobile device chargers:
Limiting which outlets are available for device charging
Knowing whose chargers are currently being used
Immediate removal of an unknown charger from the office facility (although the optional backup battery can allow data theft even when unplugged)