The FBI, interestingly enough, is warning private industry partners to beware of “highly stealthy keystroke loggers that surreptitiously sniff passwords and other input typed into wireless keyboards.” You think?
“If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information,” FBI officials wrote in last month’s advisory. “Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen.”
Before you get excited and think the FBI was looking out for you, take note of the following:
The FBI’s Private Industry Notification is dated April 29, more than 15 months after whitehat hacker Samy Kamkar released a KeySweeper, a proof-of-concept attack platform that covertly logged and decrypted keystrokes from many Microsoft-branded wireless keyboards and transmitted the data over cellular networks. [emphasis added]
Keep in mind how simple it would be to put one in a hotel room or other public place. Do you leave your laptop in your hotel room? Extremely bad idea. And by the way…if you think that the FBI is being altruistic somehow…you’d be wrong.
Here’s another article on the Evil Maid attack type. You should most definitely read it.