Security firm cracks encryption for Microsoft's wireless keyboards
Dreamlab Technologies AG says it has found a way to sniff the data traffic between Microsoft's wireless keyboards and their base stations, which communicate with each other on the 27 MHz band. In the method they discovered, unauthorized parties are reportedly able to record and decrypt all keystrokes from such keyboards. The decoding was demonstrated using data traffic from the Wireless Optical Desktop 1000 and 2000. The security firm says that other keyboards that Microsoft sells, such as the Wireless Optical Desktop 3000 and 4000, encrypt and transmit data using the same procedure, so that they are also probably unsafe. Keyboards that use Bluetooth for communication are not vulnerable.
Max Moser and Philipp Schrödel say that decryption was very easy because the devices use a simple XOR mechanism for encryption and the keys are only one byte long. They claim that even a PDA with a slow ARM-CPU would have derived the combination quickly. Aside from not using such keyboards, there is no workaround. Microsoft has yet to react to the Swiss firm's announcement.