The $9 ‘Spy Box’ That Tracks EVERYTHING You Type: Hacker Creates USB Charger That Can Steal Banking Details Remotely
Victoria Woollaston, writing on the January 14, 2015, TheDailyMailOnline, “for just six British pounds (about $9), a hacker can create a covert device that tracks everything you type on a keyboard — including usernames, credit card details, and banking passwords. The device, called KeySweeper, was built by a Polish-based security researcher; and, works with a range of wireless keyboards. Once connected, the small USB charger remotely decrypts logs — and, sends keystrokes to a hacker using specially designed software.”
“KeySweeper, was built by hardware hacker Samy Kamkar, using an Adrino board, a USB charger, a Microsoft wireless keyboard. These keyboards use a specific chip that runs on a frequency known as 2,4GHz RF protocol, which is how they communicate with wirelessly,” Ms. Woollaston noted.
“As the keystrokes are typed on wireless keyboards, they are typically encrypted as they move from the keyboard to the computer,” Ms. Woollaston, wrote. “Once set up,” she notes, “the charger is plugged into the wall and ‘sniffs,’ or ‘listens,’ to all the keys the user types. These keys are [then] decrypted, logged, and sent back to a hacker over the web — remotely — using Mr. Kamkar’s KeySweeper. “The technology can be configured to record everything; and, even send a text to alert the hacker if a certain combination of keys is pressed. For example, if the user types the URL for an online banking site, or enters a 16-digit number — which suggests it could be a credit card number. Even if the KeySweeper is unplugged, an internal battery will keep it running — although the battery life depends on the battery used. The range of the KeySweeper is said to be on par with a standard Blue Tooth device — at around 32ft. (10 meters).”
Mr. Kamkar used Microsoft keyboards,” Ms. Woollaston writes, “in particular, because they use the same protocol encryption, meaning once he had decrypted one, he could decrypt others.” “In theory though,” Ms. Woollaston warns, “this process could be applied to any wireless keyboard.” Mr. Kamkar has released the source code and instructions for building a Keysweeper, but advises against people doing so — without an electrical background.”
“Last year, Israeli researchers created keylogging software that can steal keystrokes from computers — even when they aren’t connected to the web — using so-called ‘air-gaps,’ TheDailyMailOnline reported. In that case/experiment, “the researchers from Israel designed computer software that logs keystrokes, and this software transmits these strokes via FM radio signals generated by the computer’s graphics card. The data is then picked up by a mobile phone, equipped to pick up radio signals. The researchers used Samsung Galaxy S4; and, had to plug in the headphones to get the radio receiver to work. This can be done without being detected by the user; but, does rely on software being installed on the computer in the first place. Since FM radio signals can travel over long distances, the receiver could be placed in another building,” TheDailyMailOnline warned. V/R, RCP