2019-10-22, 16:00–16:45, Europe
In our talk, we will present new security tales and vulnerabilities of wireless mice, keyboards, and presenters using 2.4 GHz radio communication that we have collected over the last two years.
In 2016, we published the results of our research project "Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets" and publicly disclosed several security vulnerabilities in wireless desktop sets from different manufacturers that use AES encryption. In the same year, Bastille Research independently published security vulnerabilities in wireless mice and keyboards from different manufacturers as well. Since then, we have learned more about the (in)security of further wireless input devices like mice, keyboards, and presenters using different 2.4 GHz radio-based technologies, and want to share our experiences and the knowledge we gained concerning these devices.
In our talk, we want to present answers to unanswered questions of our previous wireless desktop set research, raise the awareness of security issues and practical attacks against vulnerable wireless input devices, and tell some interesting tales.
We will present different security vulnerabilities (e.g. insufficient protection of sensitive data, unencrypted communication, unauthenticated communication, keystroke injection) in different 2.4 GHz wireless input devices (e.g. keyboards, mice, wireless presenters) of different manufacturers (e.g. Microsoft, Logitech, 1byone, Fujitsu, Inateck, Targus) using different technologies (e.g. Bluetooth Classic, Bluetooth LE, Nordic Semiconductor Enhanced ShockBurst, Cypress WirelessUSB LP, other proprietary radio communication protocols), and talk about the way we found them.
Concerning the Bluetooth security issues we found, we published the following two papers last year but have not yet presented these research results at a conference:
- Case Study: Security of Modern Bluetooth Keyboards
- Rikki Don't Lose That Bluetooth Device
Regarding our new research about non-Bluetooth 2.4 GHz wireless input devices, our paper is still a work in progress and will hopefully be published within the next couple of months. Different security advisories will also be published according to our responsible disclosure policy.
One example concerning a keystroke injection attack against the AES-encrypted wireless keyboard Fujitsu LX901 is demonstrated in the following video:
- SySS Proof-of-Concept Video: Fujitsu LX901 Keystroke Injection Attack
All in all, our talk "New Tales of Wireless Input Devices" will be quite similar to our talk "Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets" from 2016 (https://www.syss.de/fileadmin/dokumente/Publikationen/2016/2016_10_18_Of_Mice_and_Keyboards-Hack.lu_2016.pdf).