Microsoft wireless keyboard cracking technology revealed

The release of the presentation comes about 18 months after Max Moser and Thorsten Schroder - the two researchers behind Dreamlab - announced to an initially sceptical public that they had cracked the Microsoft wireless encryption system.

Cracking the system and developing the Keykeriki software to extract the keystrokes in real time, however, are two different things, and Dreamlab appear to have gone the distance and even published details of the circuit diagram required for the sniffer hardware.

Infosecurity understands that the hardware centres on the Texas Instruments TRF7900A 27 MHz receiver chipset commonly seen in wireless mice and keyboards.

According to Dreamlab, the chipset is controlled via an eight-bit Atmel controller.

The good news is that only Microsoft's wireless keyboards transmitting on the 27 MHz band are currently affected by the crack, and not the latest generation of Bluetooth keyboards, or wireless units from other manufacturers.

Dreamlab says that decoding the Microsoft keyboard codes is relatively easy, as the encryption system is based on a simple XOR operation and only requires an eight-bit key.

The two researchers are now reportedly turning their attention to 2.4 GHz-based wireless keyboards.


What’s hot on Infosecurity Magazine?