The KeySweeper Hack

The Humble Beginnings of the Cash Register
January 19, 2018
Show all

The KeySweeper Hack

The number of tools that nefarious hackers have at their disposal these days is positively frightening. Attacks seem to be growing more complex and dangerous by the day, and we constantly see new stories emerge that cause us to rethink our own security practices. But, as we are reminded constantly, it doesn’t always take complex machinery or even any real coding know-how to steal things using technology-in fact, people were recently caught using an iPod Nano and a piece of plastic to steal from ATMs according to an article by Business Insider.

Now, it appears that anyone can spy on others in the vicinity with a new gadget that is cheap, relatively easy to build, and it looks like a normal cell phone charger.

Even with the constant reminders of how important PCI security really is, new hacks will always pop up that companies are not prepared for. Such is the case with keySweepers, small DIY devices that look like harmless smartphone chargers. In reality, however, the device is anything but harmless.

As shown above, A KeySweeper is “a stealthy Ardunio-based device, camouflaged as a functional USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity” (Goodin).

A KeySweeper is capable of capturing every single keystroke typed on a wireless keyboard and transmitting them back to a host. The device can even send SMS alerts that are triggered when certain keywords are being typed.  This means that usernames and passwords can be stolen, thus leaking private information.

These devices are relatively inexpensive and range from $10-$80 depending on the desired functionality, and instructions are available online through various sources. This is part of why this device is so frightening. It’s easily affordable and takes a minimal technological skillset to build.

Contact us immediately if you discover such a device in your business. We will assist in taking the appropriate corrective actions necessary.