New Tales of Wireless Input Devices
2019-10-22, 16:00–16:45, Europe

In our talk, we will present new security tales and vulnerabilities of wireless mice, keyboards, and presenters using 2.4 GHz radio communication that we have collected over the last two years.

In 2016, we published the results of our research project "Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets" and publicly disclosed several security vulnerabilities in wireless desktop sets from different manufacturers that use AES encryption. In the same year, Bastille Research independently published security vulnerabilities in wireless mice and keyboards from different manufacturers. Since then, we have learned more about the (in)security of further wireless input devices like mice, keyboards, and presenters using different 2.4 GHz radio-based technologies, and we want to share our experiences and the knowledge we have gained concerning these devices.

In our talk, we want to present answers to unanswered questions from our previous wireless desktop set research, raise awareness of security issues and practical attacks against vulnerable wireless input devices, and tell some interesting tales.


We will present different security vulnerabilities (e.g. insufficient protection of sensitive data, unencrypted communication, unauthenticated communication, keystroke injection) in different 2.4 GHz wireless input devices (e.g. keyboards, mice, wireless presenters) of different manufacturers (e.g. Microsoft, Logitech, 1byone, Fujitsu, Inateck, Targus) using different technologies (e.g. Bluetooth Classic, Bluetooth LE, Nordic Semiconductor Enhanced ShockBurst, Cypress WirelessUSB LP, other proprietary radio communication protocols), and talk about the way we found them.

Concerning the Bluetooth security issues we found, we published the following two papers last year but have not yet presented these research results at a conference:

Regarding our new research about non-Bluetooth 2.4 GHz wireless input devices, our paper is still a work in progress and will hopefully be published within the next couple of months. Different security advisories will also be published according to our responsible disclosure policy.

One example concerning a keystroke injection attack against the AES-encrypted wireless keyboard Fujitsu LX901 is demonstrated in the following video:

All in all, our talk "New Tales of Wireless Input Devices" will be quite similar to our talk "Of Mice and Keyboards: On the Security of Modern Wireless Desktop Sets" from 2016 (https://www.syss.de/fileadmin/dokumente/Publikationen/2016/2016_10_18_Of_Mice_and_Keyboards-Hack.lu_2016.pdf).

Matthias has been interested in information technology - especially IT security - since his early days and has a great interest in seeing whether security assumptions in soft-, firm- or hardware hold true when taking a closer look. Matthias successfully studied computer science at the University of Ulm and holds the following IT security certifications: CISSP, CISA, OSCP, OSCE.

Since 2007, he has worked as an IT security consultant for the IT security company SySS GmbH and is head of R&D.

His research results concerning different IT security topics have been presented at different international IT security conferences (Chaos Communication Congress, DeepSec, Hacktivity, ZeroNights, PHDays, Ruxcon, Hack.lu, BSidesVienna). He has also published several IT security papers and security advisories.

Gerhard is interested in all things concerning IT security – especially when it comes to hardware or radio protocols. He successfully studied IT security at Aalen University and has been working at SySS GmbH since 2014 as an IT security consultant and penetration tester. He is also head of the hardware security team.

Gerhard was a speaker at different IT security conferences like GPN, Ruxcon, and DeepSec, where he talked about hacking RFID-based student cards or the security of wireless desktop sets. He is also the author of the Mifare Classic Tool Android app.