A security researcher has developed a USB wall charger that can eavesdrop on nearly every Microsoft keyboard.
Although we shared this discreet hack from Samy Kamkar back in January, a recent tweet from Lifehacker triggered our memory and we just had to share again! KeySweeper is an Arduino-based keylogger for Microsoft wireless keyboards (which use a proprietary 2.4GHz RF protocol) that is cleverly camouflaged as a functioning USB wall charger. The stealthy ATmega328 driven device can sniff, decrypt, log and report back all keystrokes — saving users both locally and online.
Keystrokes are then relayed back to the KeySweeper operator over the Internet via an optional GSM chip, or can be stored on a flash chip and delivered wirelessly when a secondary KeySweeper comes within range of the target KeySweeper. In fact, the well-known hardware hacker suggests that an effective reach of KeySweeper is that of a typical Bluetooth device, but could be extended using a low-noise amplifier. A web-based tool enables the live keystroke monitoring.
Users can set up SMS alerts that are triggered when certain keystrokes in the form of words, usernames or URLS are being typed, e.g. “bank” or heck, even “www.atmel.com.” (*Shameless SEO plug.*) If KeySweeper is removed from AC power, it will give off the impression that it is shut off; however, the inconspicuous gadget continues to operate covertly using an internal battery that is automatically recharged upon reconnecting to AC power.
As you are well aware, wireless keyboards have become a popular option for users wanting to connect to a laptop. Kamkar said he picked Microsoft’s keyboards after going into Best Buy and seeing which models seemed to be the most prevalent. Such units often encrypt their data before sending it wirelessly, but Kamkar claims to have discovered multiple bugs that make it easy to decrypt. While the researcher hasn’t tested the device on every Microsoft keyboard, he does believe that due to given their similarities, they will all be affected.
The KeySweeper project builds on previous work from Travis Goodspeed, Thorsten Schröder and Max Moser around the megaAVR controlled KeyKeriki.
Kamkar says the cost for KeySweeper can range anywhere from $10 to $80, depending on the operation and its necessary functions. Aside from the Arduino Pro Mini that he selected for its size, other components include:
- nRF24L01+ 2.4GHz RF chip which communicates using GFSK over 2.4GHz
- AC USB charger for converting AC power to 5v DC.
- (Optional) A SPI Serial Flash chip can be used to store keystrokes on.
- (Optional) Adafruit FONA which allows you to use a 2G SIM card to send/receive SMS, phone calls, and use the Internet directly from the device.
- (Optional, if using FONA) The FONA requires a mini-SIM card — not a micro SIM.
- (Optional, if using FONA): The FONA provides on-board LiPo/LiOn battery recharging, and while KeySweeper is connected to AC power, the battery will be kept charged, but is required nonetheless.
It should be noted that the hacker does say a Teensy MCU can be used in place of the ‘duino. As for the software, the primary code is installed on the microcontroller, while the web-based backend uses jQuery and PHP to log all keystrokes and provide an interface for live monitoring of target keyboards. KeySweeper’s source code and schematic are available on GitHub.