USB Charger Steals Microsoft Keystrokes

Image Credit: Samy Kamkar

Microsoft makes pretty good keyboards, but no one ever said the company's products were immune to clever exploits. A security researcher has devised a way to steal keystrokes from any wireless Microsoft keyboard via a USB charger, and he's shared how to do it for as little as $10.

Samy Kamkar is an independent security researcher, whom you might remember as the creator of the ubiquitous Samy virus back in the days of MySpace. Since then, Kamkar has turned his attention to exposing vulnerabilities in common software and hardware, hoping that big companies will step up their security protocols. The KeySweeper USB charger is just one more volley in his war against shoddy security practices.

The charger looks like a regular wall-outlet adapter, and will indeed charge your USB devices. It also contains an Arduino microcontroller, basically a tiny computer motherboard, and a 2.4 GHz wireless chip. Technically speaking, this is all you need to log user keystrokes (along with Kamkar's software for the Arduino board, which is available freely online), and it could set you back a staggering $10 in parts.

Because Travis Goodspeed, another independent researcher, had already discovered a vulnerability in Microsoft keyboards, tapping into the keyboard's signal was not hard. All networked devices, wired or wireless, broadcast a unique media access control (MAC) address, which the Microsoft keyboard uses to encrypt its signals.

An individual device's MAC address is traditionally too difficult to simply guess, but by taking advantage of a "forbidden" option that shortens the MAC address being listened for, Goodspeed could essentially let almost any Microsoft keyboard fill in its own address and spill its secrets.

The bottom line is that logging keystrokes from Microsoft keyboards is both simple and cheap, but Kamkar did not stop there. If you're willing to dish out up to $80, you could deck out the charger with all kinds of goodies. With a little ingenuity, a hacker could install a chip to store keystrokes, a FONA/SIM card combination to send keystrokes back to a mobile device and a battery to keep the charger going even when disconnected from an outlet.

Since Kamkar has posted the instructions for making the charger on his website, it's possible that malefactors could build their own devices and try them out in the wild. Be wary about using wireless Microsoft keyboards in public settings — or if you suspect your neighbor might be interested in stealing your private records.

Marshall Honorof is a Staff Writer for Tom's Guide. Contact him at mhonorof@tomsguide.com.