Hacking 27MHz Wireless Keyboards

This is the kind of research I just love. The people from Dreamlab have been busy exploring the 27MHz wireless technology used in keyboards from Microsoft and Logitech. The most interesting fact they found is that the encryption scheme used is trivial, to say the least: a key is XORed against a random byte determined during the initial sync with the receiver. With only 20 to 50 keystrokes it would be possible to recover the key and decrypt the keystrokes. But, as you probably understand, with this XOR scheme there are only 256 possible keys, which means the keystrokes can be captured and decrypted by brute-forcing the key.

The choice of such a weak cipher probably stems from the vendors' idea that no one would go through the hassle of hacking 27MHz wireless keyboards and intercepting keystrokes, and obviously this was a wrong assumption. You either use strong encryption, or you don't use encryption at all. It is a huge problem because some keyboards have a maximum range of 100 meters. I know at least one bank in my town that uses wireless keyboards all over the place. Since I'm never wireless, I can understand that this can come as a shock to some who work in security and use wireless peripherals.

The whitepaper and video can be downloaded here:

http://www.dreamlab.net/download/articles/27_Mhz_keyboard_insecurities.pdf
http://www.remote-exploit.org/max/automated.html

Enjoy.
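To make the 256-key point concrete, here is an added example (not code from the whitepaper or from this post) that measures how many of the 256 one-byte XOR keys remain plausible as more ciphertext bytes are observed. It uses a constructed model: one byte per keystroke, plaintext limited to lowercase ASCII letters and space, and a made-up key; the real keyboards' frame format and key codes are not described here, so the exact counts differ from the 20 to 50 keystrokes quoted above.

```python
import string

# Constructed model, not the keyboards' real protocol: every keystroke is one
# byte, XORed with the same one-byte key for the whole session.
# Assumption: plaintext bytes are lowercase ASCII letters or space.
ALLOWED = set((string.ascii_lowercase + " ").encode())

SAMPLE_KEY = 0x5A  # constructed session key
SAMPLE_TEXT = b"the quick brown fox jumps over the lazy dog"  # constructed input


def encrypt(plaintext: bytes, key: int) -> bytes:
    """Single-byte XOR, the class of scheme the post describes."""
    return bytes(b ^ key for b in plaintext)


def surviving_keys(ciphertext: bytes) -> list[int]:
    """Return every key (of all 256) whose decryption stays inside ALLOWED."""
    return [
        k for k in range(256)
        if all((c ^ k) in ALLOWED for c in ciphertext)
    ]


def ambiguity_curve(ciphertext: bytes, counts=(1, 2, 5, 10, 20)) -> dict[int, int]:
    """Map 'bytes observed' to 'number of keys still consistent with them'."""
    return {n: len(surviving_keys(ciphertext[:n])) for n in counts}


if __name__ == "__main__":
    ct = encrypt(SAMPLE_TEXT, SAMPLE_KEY)
    for n, remaining in ambiguity_curve(ct).items():
        print(f"{n:2d} bytes observed -> {remaining:3d} candidate keys left")
    print("keys consistent with full sample:",
          [hex(k) for k in surviving_keys(ct)])
```

The redundancy of typed text is what removes the ambiguity: a keyspace of 256 gives no margin, which is why the fix is a real cipher with a large key rather than a longer sync procedure.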
