Private industry notification comes 15 months after debut of KeySweeper.
FBI officials are warning private industry partners to be on the lookout for highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards.
It’s not clear why the FBI waited so long to warn private industry players of the KeySweeper threat. The notification, which says the information was obtained through an undescribed “investigation,” makes no mention of malicious sniffers being found in the wild. Kamkar told Ars that he hasn’t heard of any reports of real attacks using devices similar to KeySweeper but that he couldn’t rule out the possibility, either.
Microsoft officials have pointed out that sniffing attacks work against any wireless device that doesn’t use strong cryptography to encrypt the data transmitted between a keyboard and the computer it’s connected to. The officials have said that company-branded keyboards manufactured after 2011 are protected because they use the Advanced Encryption Standard. Bluetooth-enabled wireless keyboards are also protected. Anyone using a wireless keyboard from Microsoft or any other maker should ensure it’s using strong cryptography to prevent nearby devices from eavesdropping on the radio signal and logging keystrokes.