Dubbed KeySweeper, the device included a web-based tool for live keystroke monitoring and was capable of sending SMS alerts for typed keystrokes, usernames, or URLs, and work even after the nasty device is unplugged because of its built-in rechargeable battery.
The FBI has issued a warning advisory for private industry partners to look out for highly stealthy keyloggers that quietly sniff passwords and other input data from wireless keyboards.
According to the advisory, blackhat h*ckers have developed their custom version of KeySweeper device, which “if placed strategically in an office or other location where individuals might use wireless devices“, could allow criminals to steal:
- Intellectual property
- Trade secrets
- Personally identifiable information
- Passwords
- Other sensitive information
Since KeySweeper looks almost identical to USB phone chargers that are ubiquitous in homes and offices, it lowers the chances of discovering the sniffing device by a target.
Although the FBI made no mention of malicious KeySweeper sniffers being found in the wild, the advisory indicates the information about the KeySweeper threat was obtained through an undescribed “investigation.”
“The primary method of defense is for corporations to restrict the use of wireless keyboards. Since the KeySweeper requires over-the-air transmission, a wired keyboard will be safe from this type of attack.” FBI advised.
Sniffers work against wireless devices that do not use secure encryption for the data transmitted between a keyboard and the computer.
No comments:
Post a Comment