This headline is proudly brought to you by wired keyboards: Wireless Fujitsu model hacked
A German security researcher has revealed that one model of Fujitsu wireless keyboard will accept unauthenticated input, despite the presence of AES-128 encryption.
Matthias Deeg discovered that the LX901 would respond to unencrypted but correctly formatted keystroke commands broadcast nearby. The set is normally shipped as a keyboard, mouse and receiver combination.
"The Fujitsu wireless keyboard itself only transmits keystrokes via AES-encrypted data packets with a payload size of 16 bytes using the 2.4GHz transceiver CYRF6936 from Cypress Semiconductor," Deeg wrote in an advisory about the flaw, later confirming to The Register that he really did mean that the keyboard's paired receiver was accepting unencrypted inputs from an unauthenticated source.
Provided the unencrypted messages conformed to the spec published by Cypress with a related reference design, the bridge would happily accept them and pass them to the host as if they were legitimate input from the user, Deeg found. He used an off-the-shelf RF transceiver module to generate the plaintext commands.
Deeg said he first notified Fujitsu in late 2018, giving them 45 days to respond. Cypress end-of-lifed the reference design Deeg had used in January this year, though all the download links for the documentation and firmware were still live at the time of writing.
The practical impact of this vuln will be relatively small. As Deeg himself pointed out, the keyboard runs at 2.4GHz, meaning practical applications of the attack are limited to Wi-Fi range – assuming, that is, your attacker is not the sort of agency that can get away with very high power outputs without attracting attention from the authorities. To make it a practical threat rather than an embuggerance, the attacker also needs to be able to see your screen.
Deeg's company, SySS GmbH, revealed a similar flaw in wireless keyboards two years ago.
Mitigation is easy: sit with your back against the wall. And use a wired keyboard.
Fujitsu had not yet commented by the time of publication. ®