Hacker builds wireless Microsoft keyboard keylogger disguised as USB wall charger

Although the gadget in the photo below looks innocent enough and you likely have something similar nearby, that USB wall charger is a wireless keylogger tool that can destroy privacy.

Security researcher Samy Kamkar is at it again; this time, his “stealthy Arduino-based” KeySweeper device is disguised as a USB wall charger that can eavesdrop on most wireless Microsoft keyboards. Built for as little as $10, it secretly monitors wireless keyboards within range, and “passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.”

Kamkar just released USBdriveby last month; last year he came out with SkyJack, a drone that could identify and hijack other drones to create “an army of zombie drones.” In 2010 he introduced evercookie, which, according to a top-secret NSA document leaked in 2013, was later used by NSA to track Tor users.

You don’t need mad technical skills or a lot of money to build KeySweeper, according to Kamkar. It costs between $10 and $80, depending upon the KeySweeper capabilities, which could include triggering text messages to be sent back to the operator if specific keywords are used, sending all keystrokes over the Internet or a GSM chip, or logging all keystrokes onto a flash chip to be “delivered wirelessly when a secondary KeySweeper device comes within wireless range of the target KeySweeper.” As a keylogger, it gobbles up usernames, passwords, URLs and anything else the target types.

Kamkar also created a web-based tool that a KeySweeper operator could use to monitor keystrokes in real time. He posted a how-to, various capabilities, as well as the hardware and software needed on GitHub.

Kamkar is not the first security researcher to hammer on and exploit the weak encryption in Microsoft wireless keyboards. He said he built KeySweeper by extending the work of Travis Goodspeed’s Goodfet project and KeyKeriki by Max Moser and Thorsten Schroder.

Kamkar included numerous KeySweeper build pictures as well as the following anecdote:

My friend Dana lent me her doll soldering iron. I don’t quite understand what she uses it for, but it’s a soldering iron with an attachable razor. This is great for cutting through plastic, and dolls, I presume. She took the iron back as soon as I explained what the device would do. Apparently she does not support this, though I’m not sure why. I’m sure I’ll find out after I sniff more keystrokes from her keyboard.

Kamkar used a USB wall charger, but the Arduino microcontroller could be housed in another device. Even if you were to find and unplug the USB charger spying unit, Kamkar said, “KeySweeper stealthily continues its operation using its (optional) internal battery. The moment KeySweeper is plugged back in, it switches back over to using AC power, and simultaneously recharges the battery.”

If you think a newer wireless keyboard would offer protection, think again, as Kamkar told VentureBeat that he “tested KeySweeper on a brand new keyboard I purchased only a few weeks ago from Best Buy.”

Regarding KeySweeper working only on its wireless keyboards, Microsoft said:

Keyboards from multiple manufacturers are affected by this device. Where Microsoft keyboards are concerned, customers using our Bluetooth-enabled keyboards are protected from this type of attack. In addition, users of our 2.4GHz wireless keyboard designs from July 2011 onwards are also protected because these keyboards use Advance Encryption Standard (AES) technology. 

The best defense against KeySweeper is to not use wireless keyboards.