Thursday, August 4, 2016

How Bastille's US$12 Geetech Crazyradio Bluetooth dongle can hack Wireless Keyboards and Mice

“We were stunned. We had no expectation that in 2016, these companies would be selling keyboards with no encryption”

Bastille's Chief Research Officer Ivan O'Sullivan commenting on the weak encryption in Bluetooth keyboards

It's August 2015, dear hackers. Time for the brethren to gather at the DefCon Conference and Black Hat Security Conference in Las Vegas, Nevada to reveal their security flaws to make you scared to fsociety, Mr. Robot style!

Personally, the knowledge that you can capture data by tapping into wireless keyboards is the most frightening to me, as revealed in the article “Hackers could sniff out your passwords if you're typing nearby”, published July 26, 2016 by Laura Hautala, CNET News.


The hack, developed by researchers at cyber security firm Bastille Networks uses a device called a keysniffer that can detect or “sniff” keystrokes in a manner similar to a keylogger as explained in my blog article entitled “Professor Marco Gercke warns of Scammers using Keyloggers and How to use Keyloggers and Protect yourself”.

The device, which listens in on the unencrypted transmission of your keyboard, affects nearly every possible model and make of wireless keyboard as listed on Bastille's website, many of which use Bluetooth:

1.      HP
2.      Toshiba
3.      General Electric
4.      Kensington
5.      Radio Shack
6.      Anker
7.      EagleTec
8.      Best Buy's Insignia

See the full list in the graphic below and read the Mousejack Technical Details and Keysniffer technical Details:


The hacker would have to be within 76.2m (250 ft) from you for this hack to work, as Bluetooth signals degrade the farther away you are.

But a really smart hacker can have this US$12 keysniffer device in the room transmitting keystrokes over the air via Wi-Fi or even a special radio channel to the hacker miles away, as pointed out in the article “Radio Hack Steals Keystrokes from Millions of Wireless Keyboards”, published 26 July 2016 by Andy Greenberg, Wired.

So how bad is this hack?

US$12 keysniffer device – Security based on ignorance

It's bad, really bad!

Most of the keyboards represented in the list, potentially billions of them around the world, use the Mozart Semiconductor and other non-Bluetooth chipsets that have weak encryption compared to standard Bluetooth.


This made it easy for the Bastille Networks Researcher Marc Newlin to reverse-engineer a US$12 Geetech Crazyradio Bluetooth dongle to interpret the obscure keyboard protocols that constituted the unencrypted radio transmission between the Wireless Keyboard and the computer.

Surprisingly, there are no guidelines for encryption for these devices as noted by Bastille Networks Researcher Marc Newlin, quote: “There were no specifications. The only reason these devices had been operating under the radar is because no one had taken the time to reverse engineer them”.

So basically keyboard makers, thinking that hackers wouldn't think of going after wireless keyboards, were practicing security based on ignorance; if nobody knows, then it’s safe. Not a good idea, really!

keysniffer and MouseJack Hack – More reason to buy Standard Bluetooth Mice and Keyboard

Interestingly, this hack is a lot like MouseJack hack that Bastille Networks researcher.

This was revealed by Bastille Networks using the same US$12 Geetech Crazyradio Bluetooth dongle which also allowed them to eavesdrop on mouse keystrokes as noted in the article “Flaws in Wireless Mice and Keyboards Let Hackers Type on Your PC”, published February 23 2016 by Andy Greenberg, Wired.


In the case of MouseJack, the researcher took advantage of flaws in Norwegian firm Nordic Semiconductor's chips that again had less-than-stellar encryption compared to standard Bluetooth chipsets. Also, both the keysniffer and the MouseJack hack allow the user to take control of the computer remotely, albeit the hacker would have to be able to see the screen.

Both these hacks leave billions of wireless keyboards and mice vulnerable to a hacker gifted enough to set up both a hidden wireless mini-camera to watch you and a radio-connected version of the US$12 Geetech Crazyradio Bluetooth dongle to intercept and remotely transmit your signals to their remote locations many miles away.


Throw in the University of California's technique to determine a 3D printer's prints based on the sound it makes, as described in my blog article entitled “University of California 3D printers espionage reveals how Sound Photography coming to smartwatches and smartphones”, and your hacker could know everything you typed, spoke and printed while around your computer, even if it is isolated from the Internet.

Your best defense?

I personally recommend the use of standard Bluetooth chipsets such as the Apple Magic Mouse 2, Keyboard 2 and Trackpad 2 as described in my MICO Wars blog entitled “Why the Apple Magic Mouse 2, Keyboard 2 and Trackpad 2 enhances the Apple iPad Pro” and other Bluetooth keyboards and mice that have the encryption option enabled.

Not using wireless mice and keyboards at all would keep you even safer!
