Local Client Insecurity
Any tech-savvy user will know of a handful of security vulnerabilities relating to desktop computing, these can range from remote attacks (Man in the middle / Malware / DDoS / Brute Forcing / Port Scanning) to local exploits ( hardware & software keystroke logging / more Malware / dailers etc.)
In-fact, apart from the distant days of Windows 95 I cant recall a time when there were more things for security conscious users to be worried about. Back in the middle to late 90s, the internet was gradually becoming common place and within the reach of the layman. Unfortunately these users typically didn’t (or didn’t have a sufficiently fast connection – 4hrs for IE 4.0 update?) update software to patch security holes. The term script-kiddy was coined, referring to individuals who would use “off the shelf” exploit programs to wreak havoc. These easily found resources would be effective for months (if not years) due to the majority of users being completely clueless or disinterested in protecting their digital homes.
Fast forward to modern day, wireless hacking tools exploiting the poor design and implementation of WEP encryption have been commonplace for a number of years now. Wireless equipment manufacturers have taken on the role of securing their client’s networks by shipping routers with WEP (and more recently WPA) enabled by default which has helped secure many home networks from a variety of threats, from freeloading neighbours to network peeping toms. Security software companies have helped raise awareness while peddling their, often rather poor offerings to the unsuspecting public. (Norton anyone?)
By now everyone must know that running WEP on a Wifi connections is potentially extremely risky, those reading this who are still running an unencrypted Wireless Access point without some kind of secondary encryption system should stop what they are doing and read up on this.
It would appear that even wireless keyboards (using 27Mhz radio transmitters not Bluetooth) are vulnerable (although Bluetooth ones are also but via a different type of attack.) It turns out that security was probably very low down on the list of priorities during development of this common interface extension. The security system emplyed uses a single bit XOR encryption. The best explanation of how rubbish this is stems from TechFaq’s definition / explaination of XOR :
The article concludes that there are only 256 possible keys that are set once a keyboard / receiver have been paired with no periodic shifting. It does make you wonder how easy it would be to build a portable device designed to record all 27Mhz data it can pull off the air for later analysis. Whilst the majority of the time it would capture useless keystrokes or harmless IM conversations, it could potentially capture bank details (although most banks now use secondary non input based authentication) or email / shopping account passwords. As if we didnt have enough to worry about with both software and hardware keyloggers already.