You've scanned your computer for malware and received a clean bill of health, so you're safe, right? Not quite. A security researcher has recently developed a keylogger that's disguised as a wall charger and can record information from Microsoft wireless keyboards from a wall socket.
Samy Kamkar designed the KeySweeper gadget that just looks like black USB wall charger. The scary device can actually record everything you type on the keyboard like passwords, credit card numbers and more. It can even send text message alerts to the owner to let them know when you're typing specific words. That's useful if they're trying to steal passwords to specific websites.
The price of KeySweeper will depend on everything the owner wants it to do, so it could cost $10-$80. It can store keystrokes on the gadget or online.
KeySweeper only works on Microsoft wireless keyboards, but it's still unclear how many models the gadget works with. It takes advantage of some flaws in the keyboards to steal the information.
KeySweeper exploits multiple bugs, including the fact that all Microsoft keyboards use the same first byte in their MAC address. Along with a few other holes, it can thus allegedly decrypt any Microsoft keyboard nearby without having to specify its MAC address first.
This is a photo of the charger from Kamkar.
The best way to keep your computer safe would to be avoid using Microsoft wireless keyboards when you're out in a public place where someone could plug a KeySweeper into the wall. Microsoft is aware of the problem and is currently investigating the situation. Kamkar actually designed the device to bring attention to the lack of security on many wireless items.
KamKar hopes his project will do more than just give would-be spies a how-to guide. He told VentureBeat: “I hope this creates pressure to ensure that we have proper encryption in new wireless products that come out!”
Hackers can also install malicious keylogging software on your computer to steal your keystrokes that way, and they're not always detectable by traditional security software. Click here to take a look at software designed to spot keyloggers.