Meet KeySweeper, the Stealthy Hardware Recording Your Keystrokes

If there’s one reason why classic James Bond films are so widely enjoyed, it’s because of the unbeatable gadgets. From complex and indescribable to common and crafty, Bond gadgets always capture the audience’s imagination. In fact, some Bond gadgets were so powerful in concept that they became real, everyday objects. Fingerprint readers and cameras are embedded into our phones, we can lock and unlock remote-controlled doors, and leveraging GPS location technology is daily occurrence. They’re all common, and have become everyday technologies.

This is why KeySweeper is so unsettling. KeySweeper is a $10 proof-of-concept spying tool that’s simple, clever and very Bondish; it’s a keylogging device disguised as a USB charger (the kind of charger you plug into an outlet to charge your phone). The device intercepts and decrypts signals sent from wireless keyboards, allowing it to record usernames, passwords and a bevy of personal data over a cellular connection.

So, whether you’re using a wireless keyboard in your office, or a hotel room, watch out: all a cybercriminal has to do is plug the tool into a strategic AC outlet and wait.

Like I said, it’s a very Bond-esque device, which is why the FBI is so concerned. In late April, FBI officials issued a private industry notification about the threat to businesses. The notification broke down what KeySweeper is, what KeySweeper objects could look like and how organizations can avoid falling into this particular keylogger trap.

Thankfully, KeySweeper has a few limitations working against it. First, it has to be near its target in order to pick up on the wireless keyboard’s signals. Second, it’s limited to wireless keyboards made before 2011 (some encryption standards have changed since then). Finally, it needs to be powered to work — meaning that unplugging strange devices and unknown chargers could kill the attack.

That last limitation, however, can be easily overcome. KeySweeper devices can be augmented with a small battery that allows it to run even when it’s unplugged, which means it could steal signals for hours without a power source.

So, if you happen to notice a device like the below plugged into an outlet near you, and you’re using a wireless keyboard, take heed—it could be a KeySweeper attack in the works. Now, the KeySweeper program can take many forms, in addition to the below wall plug-in example. That said, it’s best to be suspicious of any unfamiliar devices around you when you’re typing wirelessly.

keysweeper1Samy Kamkar / samy.pl/keysweeper

KeySweeper could soon be the first example of a long running battle with keylogger attacks. To protect yourself from KeySweeper and other keyloggers, follow these tips:

  • Stick to wired, or built in, keyboards. The whole premise of KeySweeper is to steal signals from wireless keyboards. To avoid falling victim, stick to wired or built-in keyboards. For those of us who must have a wireless one, make sure it’s using strong encryption (look for AES).
  • Know your chargers. USB chargers are a currency unto themselves these days, but that doesn’t mean you have to pay the price when using one. Make sure you know where your USB charger comes from before you use it, and don’t leave unknown or untrusted gadgets plugged into your devices—unplug them or remove them entirely.
  • Use comprehensive security. Like a lot of malicious software today, keyloggers are pretty well-known and easily blocked by security software like McAfee LiveSafe™. Keep all of your devices safe and sound with a comprehensive security solution.

And, of course, stay on top of the latest consumer and mobile security threats by following me and @McAfee_Home on Twitter, and ‘Like’ us on Facebook

gary

Leave a Comment

4 × three =