Do you use a wireless keyboard for typing documents, mails or for logging in on social networking and bank accounts? And look around you, is there any USB charger on the walls? Well, then someone might be recording your keystrokes and transmitting each of them to the attacker via an optional GSM chip or via text messages.
Yes, it's true. Samy Kamkar, the creator of MySpace famous Samy virus, has developed an inexpensive USB wall charger with a hardware key-logger inside.
Based on Arduino micro-controller, KeySweeper can sniff, decrypt, log in and then send the entire information to the attacker. The developer claims KeySweeper can hack any Microsoft-made wireless keyboard.
Along with the micro-controller, the developer has combined an NRF24L01 2.4GHz radio frequency chip for sniffing the data, an SPI serial flash chip for storing each keystroke, Adafruit FONA board for appending a 2G SIM card for later transmission. The developer has also released the source code for further improvements.
The developer has released a detailed step-by-step instruction on how to develop the charger along with its cost. The charger will be able to store the entire data and transmit it across via the installed GSM chip. Kamkar has also created a back-end tool that allows the attacker to monitor keyboard live through a webpage.
Though Microsoft wireless keyboards come with essential encryption ability of data before transmission, the developer claims to have found out the loopholes of the supplied encryption standard and developed the decryption code on that basis.
Kamkar has also said that he tested a few Microsoft wireless keyboards and cracked them He added that all the wireless keyboards can be hacked in the same way and that this project will create pressure on the wireless input device manufacturers to build more secure devices in the future.
Talking about the cost of the KeySweeper, he mentioned it will range from $10 to $80, depending on the features required.