Security researcher Samy Kamkar has released a new key logging tool for Microsoft Wireless keyboards. This tool named KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.
All keystrokes are logged online and locally. SMS alerts are sent upon trigger words, usernames or URLs, exposing passwords. If unplugged, KeySweeper continues to operate using its internal battery and auto-recharges upon repowering. A web based tool allows live keystroke monitoring.
KeySweeper has the capability to send SMS alerts upon certain keystrokes being typed, e.g. “www.bank.com”. This device will cost around $10 – 80 depending on operation.
How does it work?
KeySweeper exploits bugs in the Microsoft Wireless keyboards. For example, all Microsoft keyboards use the same first byte in their MAC address. It allegedly decrypt any Microsoft keyboard nearby without having to specify its MAC address first.
Microsoft is already aware of reports about a ‘KeySweeper’ device and they are investigating on it. Check more about this project here.