This headline is proudly brought to you by wired keyboards: Wireless Fujitsu model hacked
A German security researcher has revealed that one model of Fujitsu wireless keyboard will accept unauthenticated input, despite the presence of AES-128 encryption.
Matthias Deeg discovered that the LX901 would respond to unencrypted but correctly formatted keystroke commands broadcast nearby. The set is normally shipped as a keyboard, mouse and receiver combination.
"The Fujitsu wireless keyboard itself only transmits keystrokes via AES-encrypted data packets with a payload size of 16 bytes using the 2.4GHz transceiver CYRF6936 from Cypress Semiconductor," Deeg wrote in an advisory about the flaw, later confirming to The Register that he really did mean that the keyboard's paired receiver was accepting unencrypted inputs from an unauthenticated source.
Provided the unencrypted messages conformed to the spec published by Cypress with a related reference design, the bridge would happily accept them and pass them to the host as if they were legitimate input from the user, Deeg found. He used an off-the-shelf RF transceiver module to generate the plaintext commands.
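The receiver-side logic flaw described above, sketched as an added example (not code from Deeg's advisory, Fujitsu or Cypress). The frame layout, type bytes, key and the toy XOR stand-in for AES-128 are all hypothetical, chosen only to show why the encrypted form has to be the receiver's only keystroke path.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical frame layout, NOT the Cypress/Fujitsu format:
 * byte 0 = frame type, remaining bytes = payload. */
enum { FRAME_PLAIN_KEY = 0x01, FRAME_ENC_KEY = 0x02, ENC_LEN = 16 };
typedef enum { DROP = 0, FORWARD = 1 } verdict_t;
/* Constructed pairing key and constructed plaintext frame (HID code 0x04). */
static const uint8_t DEMO_KEY[ENC_LEN] = { 0x10,0x32,0x54,0x76,0x98,0xba,0xdc,0xfe,0x01,0x23,0x45,0x67,0x89,0xab,0xcd,0xef };
static const uint8_t PLAIN_FRAME[2] = { FRAME_PLAIN_KEY, 0x04 };

/* Toy stand-in for AES-128 with the pairing key (XOR plus zero-sum check).
 * Not real cryptography; it only marks where decryption would sit. */
static int toy_unwrap(const uint8_t *key, const uint8_t *in, uint8_t *hid) {
    uint8_t sum = 0;
    for (size_t i = 0; i < ENC_LEN; i++) sum = (uint8_t)(sum + (in[i] ^ key[i]));
    if (sum != 0) return 0;            /* not produced with this key */
    *hid = (uint8_t)(in[0] ^ key[0]);  /* first plaintext byte = HID code */
    return 1;
}

/* Build a constructed encrypted frame for the toy scheme (17 bytes). */
void make_enc_frame(const uint8_t *key, uint8_t hid, uint8_t *out) {
    out[0] = FRAME_ENC_KEY;
    for (size_t i = 0; i < ENC_LEN; i++) {
        uint8_t pt = (uint8_t)((i == 0) ? hid : (i == ENC_LEN - 1) ? (0u - hid) : 0u);
        out[1 + i] = (uint8_t)(pt ^ key[i]);
    }
}

/* Behaviour the article reports: plaintext frames are still honoured. */
verdict_t rx_as_reported(const uint8_t *key, const uint8_t *f, size_t n, uint8_t *hid) {
    if (n == 2 && f[0] == FRAME_PLAIN_KEY) { *hid = f[1]; return FORWARD; }
    if (n == 1 + ENC_LEN && f[0] == FRAME_ENC_KEY && toy_unwrap(key, f + 1, hid)) return FORWARD;
    return DROP;
}

/* Hardened: the encrypted 16-byte form is the only keystroke path. */
verdict_t rx_hardened(const uint8_t *key, const uint8_t *f, size_t n, uint8_t *hid) {
    if (n != 1 + ENC_LEN || f[0] != FRAME_ENC_KEY) return DROP;
    return toy_unwrap(key, f + 1, hid) ? FORWARD : DROP;
}

int main(void) {
    uint8_t enc[1 + ENC_LEN], hid = 0;
    make_enc_frame(DEMO_KEY, 0x04, enc);
    return !(rx_hardened(DEMO_KEY, PLAIN_FRAME, 2, &hid) == DROP &&
             rx_hardened(DEMO_KEY, enc, sizeof enc, &hid) == FORWARD);
}
```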
Deeg said he first notified Fujitsu in late 2018, giving them 45 days to respond. Cypress end-of-lifed the reference design Deeg had used in January this year, though all the download links for the documentation and firmware were still live at the time of writing.
The practical impact of this vuln will be relatively small. As Deeg himself pointed out, the keyboard runs at 2.4GHz, meaning practical applications of the attack are limited to Wi-Fi range – assuming, that is, your attacker is not the sort of agency that can get away with very high power outputs without attracting attention from the authorities. To make it a practical threat rather than an embuggerance, the attacker also needs to be able to see your screen.
Deeg's company, SySS GmbH, revealed a similar flaw in wireless keyboards two years ago.
Mitigation is easy: sit with your back against the wall. And use a wired keyboard.
Fujitsu had not yet commented by the time of publication. ®