As I understand it, the Bluetooth specs include decent cryptography,
including a pass phrase mechanism that allows for reasonably long
pass phrases. However, most peripheral vendors don't allow the user
to supply their own pass phrase, and instead hard-wire the pass phrase
at the factory, often to "0000". They also try to shape consumer
expectations by calling it a "PIN" instead of a "pass phrase".

On Thu, Jan 20, 2011 at 2:12 PM, Tom Metro <tmetro-blu-5a1Jt6qxUNc at public.gmane.org> wrote:
> Matthew Gillen wrote:
> > I can't bring myself to use a wireless keyboard. I just don't like the
> > idea of broadcasting my passwords out to anyone within listening
> > distance.
>
> The Security Now podcast has covered the security of wireless keyboards
> a few times. In episode 269 Steve Gibson says:
>
>   ...the wireless keyboards have such weak security that essentially,
>   when you turn the keyboard on, it chooses an eight-bit byte randomly
>   and XORs the data that's being sent with that byte. ...the data is
>   not technically in the clear. It's not plaintext. But, boy, I mean,
>   it would just be a fun and relatively short exercise to decrypt that
>   stream. It would be trivial to decrypt it. ... So the encryption of
>   wireless keyboards is virtually ineffective.
>
> And in episode 271 he says:
>
>   Yeah, I wanted to quickly calm everyone's nerves over the issue of
>   keyboard security. ... I did some research, read some whitepapers and
>   some security evaluations and so forth. And the good news is Logitech
>   got it 100 percent correct. They did a beautiful job. ... There's
>   nonvolatile memory in the keyboard and in what they call their little
>   unifying receiver. This is Logitech's new technology.
>
>   So at the factory, nonvolatile memory in the keyboard and in the
>   unifying receiver are synchronized with the same 128-bit symmetric
>   key, which the AES algorithm uses to encrypt keystrokes. So if you
>   repair the keyboard, because for example you might pair it with a
>   different receiver that hasn't seen that keyboard before, the pairing
>   process does exactly the right thing. There are pseudorandom number
>   generators at each end. They're able to establish a new key without
>   it ever going over the wire, over the air, in the clear, in order to
>   synchronize a new key that they agree upon on the fly. That's written
>   into nonvolatile RAM and kept there.
>
>   ...I haven't looked at anybody else's. But I know that the unifying
>   receiver technology that Logitech has is doing this. And it does say
>   in the specs, just in the regular top-level specs, 128-bit AES
>   encryption. So that's the way they implemented it. I would imagine
>   anything that Logitech has done, even if it's not the K320 wireless
>   keyboard, that also says that would be using the same technology,
>   which means you can trust it.
>
> So the level of security depends on the keyboard, with at least some of
> the newer models having adequate security.
>
> And elsewhere in that episode:
>
>   ...anything Bluetooth is, well, okay. Anything Bluetooth is way more
>   secure than a simple 8-bit XOR, if for no other reason than almost
>   nothing could be less secure than an 8-bit XOR. ... Bluetooth is good
>   security, very good security.
>
> Episodes 280 and 283 cover BlueTooth in depth. (I haven't listened to
> them yet.)
>
>
> Episode 269:
> transcript: http://www.grc.com/sn/sn-269.txt
> audio: http://media.grc.com/sn/sn-269.mp3
>
> Episode 271:
> transcript: http://www.grc.com/sn/sn-271.txt
> audio: http://media.grc.com/sn/sn-271.mp3
>
> Other episodes:
> http://www.grc.com/securitynow.htm
>
> -Tom
>
> --
> Tom Metro
> Venture Logic, Newton, MA, USA
> "Enterprise solutions through open source."
> Professional Profile: http://tmetro.venturelogic.com/
> _______________________________________________
> Discuss mailing list
> Discuss-mNDKBlG2WHs at public.gmane.org
> http://lists.blu.org/mailman/listinfo/discuss
>

--
John Abreau / Executive Director, Boston Linux & Unix
GnuPG KeyID: 0xD5C7B5D9 / Email: abreauj-Re5JQEeQqe8AvxtiuMwx3w at public.gmane.org
GnuPG FP: 72 FB 39 4F 3C 3B D6 5B E0 C8 5A 6E F1 2C BE 99
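
Added example, not part of the messages above or of the podcast: a short Python sketch of why the scheme described in the episode 269 excerpt (one random byte XORed into every data byte) gives no confidentiality. The function names and the sample plaintext are constructed for illustration.

```python
def xor_byte(data: bytes, key: int) -> bytes:
    """The scheme from the quote: every byte XORed with one fixed key byte."""
    return bytes(b ^ key for b in data)


def score(candidate: bytes) -> int:
    """Count bytes that look like typed text (ASCII letters, digits, space)."""
    return sum(1 for b in candidate if b == 0x20 or bytes((b,)).isalnum())


def recover_key(ciphertext: bytes) -> int:
    """The whole key space is 256 values, so try each one and keep the key
    whose output looks most like typed text."""
    return max(range(256), key=lambda k: score(xor_byte(ciphertext, k)))


def key_independent_leak(data: bytes) -> list[int]:
    """c[i] ^ c[i+1] == p[i] ^ p[i+1]: the key cancels out, so repeated
    characters and character differences are visible with no search at all."""
    return [a ^ b for a, b in zip(data, data[1:])]


# Constructed sample plaintext (not captured traffic).
SAMPLE = b"correct horse battery staple 2011"


def demo(key: int):
    """Obfuscate SAMPLE with `key`, then recover key and plaintext blind."""
    ciphertext = xor_byte(SAMPLE, key)
    guess = recover_key(ciphertext)
    return guess, xor_byte(ciphertext, guess)


if __name__ == "__main__":
    guess, plaintext = demo(0x5A)
    print(f"recovered key 0x{guess:02x}: {plaintext!r}")
    leak = key_independent_leak(xor_byte(SAMPLE, 0x5A))
    print("doubled letters visible at offsets:",
          [i for i, d in enumerate(leak) if d == 0])
```

A 128-bit AES key, as described in the episode 271 excerpt, removes both weaknesses: the key space cannot be enumerated, and, used in a proper mode, equal plaintext bytes no longer produce equal ciphertext bytes.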