Researchers at Dreamlab Technologies AG and Remote-exploit.org have found a way to eavesdrop, decrypt and log keyboard strokes when transmitted on a 27MHz spectrum. The researchers validated their results using Microsoft’s Wireless Optical Desktop 1000 and 2000 and they have projected these results to affect the Wireless Optical Desktop 3000 and 4000, although neither were tested.

In order for a wireless keyboard to function, a receiver must be setup on a computer and an association process must occur. This process, also known as “connecting” or “synching”, usually happens with the push of a button on both the keyboard and the receiving component. Once this connection is established, the receiver stores the connection to memory and only recognizes that one particular keyboard and will reject any other requests from other wireless keyboards.

Originally, wireless keyboards used an infrared signal to establish a connection, but now companies have switched over to a radio frequency-based keyboard operating at 27MHz. The data being sent over this frequency is encrypted using a one byte USB HID keystroke. This data, once sent, is decoded by the receiver. But metakeys such as “CTRL”, “ALT”, and “Shift” are not encrypted.

This encryption uses a simple XOR mechanism which leaves a possibility of only 256 different values per keystroke packet received. This XOR mechanism results in a value of “true” if and only if the encrypted data sent has the same value. It is a simplistic code that can be broken using bruteforce to obtain the correct code.

The researchers at Dreamlabs and Remote-exploit.org realized that by using a simple wordlist checking together with a weightening algorithm, they could decode all data in range within a few keystrokes. They even go so far as to say that with even the slowest of computers today, this encryption can be broken.

This simple hacking done by Dreamlabs shows how easy it can be for a keylogging to affect even wireless systems. As such, one of the simplest way to thwart such a security risk would be to have a wired keyboard. But even then you are not safe as trojans and viruses can attack the computer and log your wired keyboard activity, then transmit the information back to the attacker. It is an easy way to obtain passwords, usernames and to bypass certain security measures put in place to protect a network or private computer.