The “KeySweeper” is a tiny, Arduino-powered wireless sniffer that captures data sent by your wireless keyboard to its receiver. That’s right — it’s a keylogger, and it doesn’t have to be plugged into your computer to work.
We should note right up front that not every wireless keyboard is vulnerable to this type of sniffing. Bluetooth keyboards, and newer keyboards that use AES between the keyboard and its paired wireless receiver aren’t susceptible. Obviously, if you’re worried about something like this and want to protect yourself, a wired keyboard is on order — or you can learn a thing or two about hacking, build this, and test your own keyboard to see if it’s susceptible.
Even so, back in January (Yes, I’ve been hanging on to this one for a while now, mostly because it’s perfect for Evil Week!) Samy Kamkar pulled a Microsoft wireless keyboard off the shop shelf, and despite a later statement from Microsoft that a: lots of manufacturers are vulnerable to this and b: their keyboards have been updated not to be, it worked like a charm.
Once the firmware is loaded onto the Arduino (or Genuino), you just jam the whole thing into a hollowed-out wall charger so the Arduino gets power, and wait. You can add a GSM chip to send captured account credentials or keystrokes to your phone wirelessly, or you can add a flash storage chip to the mix and grab the captured data the next time you’re in range of the sniffer. KeySweeper can even send SMS alerts for specific keystrokes, and if someone pulls it out of the wall, it looks like it stops working — but actually it runs on an internal battery that’s recharged the next time it’s plugged back in.
You can check out a walkthrough of the KeySweeper’s capabilities in the video above, or hit the link below for everything you’ll need to make your own, including parts and code. As always, use your powers for good — and for good hacking fun.
KeySweeper [via Ars Technica and Hackaday]
Lifehacker’s Evil Week highlights the dark side of life hacking. How you use that knowledge is up to you.
Leave a Reply
You must be logged in to post a comment.