Is wirelesss mouse a privacy problem?

Discussion in 'privacy problems' started by unregd, Oct 1, 2005.

Thread Status:
Not open for further replies.
  1. unregd

    unregd Guest

    Is a wireless mouse a risk to security/privacy.I understand they communicate with the PC by radio signal. Could someone else pick up the signal? What would they be transmitting? Would they not be only transmitting the command to move the pointer? Would be appreciative for a reply
    Regards
     
  2. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    The mouse is safe ;)
     
  3. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    ...it`s the keyboard ya have to worry about. ;)
     
  4. unregd

    unregd Guest

    Why, is it because of the data it would be transmitting? And how close would someone have to be to pick up the signal. If I am working alone in a space where there are no othere pc's or radios is this safe?
     
  5. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    I would imagine that a wireless keyboard could be "sniffed" - not sure what the range is, but with the right equipment it may be possible to retrieve data. The question is - is the data transmitted encrypted at all?

    I just did a quick google search out of curiousity and the Logitech keyboard I found claimed that data between the keyboard and the USB mini-receiver is encrypted. I found a couple of mentions of MS keyboards being encrypted as well.

    I'm curious now - anyone know how the encryption on a wireless KB would work? There's what, 100-odd keys on a keyboard... surely, even if it was encrypted the small number of possible keys to be pressed would make it fairly easy to crack it?
     
  6. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    The clicking of the mouse could be used by terrorists to send messages to eachother in morse code.
    This is pure theoretical of course and is just one of my silly ideas :D
     
  7. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Hi Mike,
    I would avoid the Bluetooth variants due to poor security implementation and vulnerabilities.
    Logitech's current crop of mice and keyboards communicate via FastRF at 27 MHz (Bluetooth is 2.4GHz). 27Mhz is the same frequency as remote controlled cars and CB tranceivers (not important, just interesting). It is interesting that Logitech decided to go for a low frequency low power option rather than bluetooth. Besides going for the faster response time gamer's want, they probably wanted to get away from all the bad press bluetooth has been getting.
    Logitech gives VERY little info on the encryption implementation of their new FastRF. Only that you enter a 16 digit key to start encryption, that's it.
    It is unclear if FastRF is used for only the mouse or both the mouse and keyboard. It may be that they use FastRF for the mouse and bluetooth for the keyboard.
    I do like the fact that FastRF is low power and has only about a 6 foot (1.8m) range as opposed to bluetooth which has a 33-328 foot (10-100m) range.
    This means that even if current bluetooth sniper snooping technology could be adapted down to 27MHz (and provided that 27MHz would degrade with distance at the same rate as 2.4GHz, which it doesn't), the attacker would need to be within about 48 ft.
    With bluetooth on the other hand, your attacker could be from 264 feet to half a mile (2,640 feet) away.
    We are talking about a VERY sophisticated attack though and this does not take walls and interference into account.
    Bluetooth was also designed to be a much more open communication protocol (everything connecting with everything) which opens many doors.
    FastRF seems to be limited to the mouse and keyboard, but there is not enough info to make an informed decision yet.
     
  8. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    If the parent poster is typing things into his system that would require an organised group to construct a BT-Sniping rifle, and perch for hours watching him then I think the wireless KB is the least of his security worries.

    .. <visions of black helicopters and "agency" guys tossing his house while he's at work>.
     
  9. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    My sons logitech wireless keyboard will transmit about fifteen feet reliably and intermitent up to approamatly twenty five feet.
     
  10. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    Good point.
    Average users (like me) won't have to be concerned about this type of thing for some time if ever from a security standpoint. It requires too much skill and specialized hardware to be worth using against us. Big corporations maybe.
    However, If I have a choice, I personally don't like to use communication tech that is poorly designed security wise like bluetooth. It has been shown that the encryption is weakly implemented and easy to crack.
    Whether FastRF suffers from the same problems as bluetooth, only Logitech knows.


    unregd,

    Are wireless mice a privacy problem? No, not yet.
    Securing a Wireless LAN connection with good encryption would be more of a concern today because of the ease of getting war driving gear.

    Is a wireless mouse a risk to security/privacy?
    Yes, but to the average user, the risk is so small that it should not prevent you from the convenience that a wireless mouse offers. At least on the surface, the Logitech FastRF mice look more secure than bluetooth if for nothing more than its more limited range.
     
  11. Devinco

    Devinco Registered Member

    Joined:
    Jul 2, 2004
    Posts:
    2,524
    BigC,

    Do you know if the keyboard uses FastRF or Bluetooth to communicate?
    If not, what model is it?
     
  12. goodquestion

    goodquestion Guest

    Just my opinion but there's no way I'll touch one of those wireless keyboards or mouse. Just the thought that someone could log my keystrokes and not even have to be in my house/office, makes me sick. Thanks anyway, but I'll stick to a wired connection and know that there's one less way I could be keylogged or monitored in some way. Also just because some form of encryption can't be cracked today, doesn't mean it won't be cracked tommorow.
     
  13. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I wouldn't use a wireless keyboard/mouse either, but not for security reasons.
    I don't like to replace the batteries and certainly not when both devices need different types of batteries.
    I don't see the advantage of "Wireless Freedom" either.
    My keyboard/mouse is always on the same spot and I don't need another spot.
    If I put my keyboard/mouse on the kitchen table, I can't see my monitor anymore. Big freedom, pfffft.

    Who is going to spy on me with expensive/sophisticated equipment anyway.
    I'm just an average man with a job and bankaccount. Sounds a little far-fetched to me.

    I have a wireless headphone with a coverage of more than 300 feet and that's very practical.
    This headphone works in every room of my apartment, even on the street, if I don't go to far.
    That's what I call "Wireless Freedom". :)
     
  14. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    I'm with you on that one, ErikAlbert - pay extra, consume batteries... useful in a meeting room, maybe... or for a demo... but for everyday use, give me a standard MS keyboard (or a decent Logitech one), an optical mouse (complete with wires) and I'm happy.

    As for the original question - "Is wireless mouse a privacy problem?"

    Only if you write your credit card number and security code on it, sign it - and then leave it somewhere :D
     
  15. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    LOL. I have a funny story about my bank card too.

    When I got my very first bank card, I wasn't really familiar with using my bank card.
    My bank has a separate room for bank card terminals and I can only unlock the door to that room, using my bank card.
    So I put my bank card in one of these terminals, got my money, but I forget to remove my bank card from the terminal.
    I leave the room and then I realized I forgot my card, but the door was already locked and I couldn't get in anymore, because my bank card was still in the terminal.
    So I decided to wait until somebody else came along for money, but through the window I saw my card swallowed by the terminal.
    I had to go to the bank, tell my silly story in order to get my bank card back. :)
     
  16. snoopster

    snoopster Guest

    I guess you have never heard of criminals then? Some criminals are very sophisticated and will rob whoever they can, that they feel can be taken advantage of. Even if you only have $50 in your bank account. And what makes you think they would need expensive equipment to intercept the signal from a wireless keyboard? Of course there are plenty of other ways to get the info they want too. ;)
     
  17. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I'm still not scared, because I don't use my credit card on the internet and in case you didn't notice, I don't use a wireless keyboard/mouse either.
     
  18. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  19. herbalist

    herbalist Guest

    It would seem that 27mhz should have a lot more range. Interesting that you mention CB using those frequencies. 4 watts was enough power to consistenly communicate with others at 50 miles, and that's with non-directional antennas. I don't see where the equipment would need to be that sophisticated to pick up a wireless keyboards transmission. A small wirewound antenna stuck to the side of your house or hung in a nearby tree or shrub should be possible. If you weren't actually looking for such a device, it's unlikely you'd ever see it. Something like that could easily be planted by someone pretending to read the electric or gas meter.
    True, it's unlikely that anyone would go this far, unless someone really wanted to investigate you. In the majority of cases, it wouldn't be necessary. There's easier ways to log a keyboard. Even so, with the paranoia that some of the "powers that be" are displaying since 9/11, no extreme measure would really suprise me that much.
    Rick
     
  20. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    Rasheed187,

    That's an interesting read. I really have a hard time understanding how the product designers could be so naive. Only two security codes on the HP keyboard? Amazing. Think about it. Three keyboards in close proximity - think small office - have a 100% probability of sharing an ID. Also, please note the date on this article - Jan 21, 2003 - it is a little dated at this point.

    The thing is, technically this problem is isomorphic to the so-called Birthday problem - What's the probability that two people in a room of N people share the same birthday? In this case the room is determined by the number of keyboards within mutual range. The approximate relation for probability of overlap is given by
    Code:
    P = 1 - exp(-n²/(2N))
    Simple consideration of the approach discussed in the Register article demonstrates how inadequate the HP response of increasing to 256 ID's really was (remember though, this was almost 3 years ago).

    Current wireless solutions range from reasonable to very secure. Some of the higher priced Logitech wireless keyboards do allow use of a user set 40 encryption key if desired. For general home use, this is absolutely much more than adequate. As it is, I feel perfectly fine using a non-encrypted wireless. I have 2 Logitech LX-300 wireless systems in my house. They use a 12 bit ID (= 4096 ID's), so overlap is nonexistent for me (< 0.05% expected probability of same ID occuring in my house) locally. Naturally, your situation and desires may vary. If so, jump a level and get an encrypted solution.

    Blue
     
  21. unregd

    unregd Guest

    I would like to thank all you folks for the feedback, this is much appreciated
     
  22. unregd

    unregd Guest

    Very good
     
  23. heyUthere

    heyUthere Registered Member

    Joined:
    Sep 30, 2005
    Posts:
    8
    I do not trust anything wireless and you should not. We must not be native to think that we know all the capablitiles of anyone like governements with their black budgets. That's what their meant for anyway.

    The TEMPEST ATTACK.
    Monitors that contain a CRT system contain an electron gun in the back of the picture tube which transmits a beam of electrons. When the electrons strike the screen they cause the pixels to light up (fluoresce). This beam scans across the screen from top to bottom very rapidly in a repetitive manner, line by line, flashing on and off, making the screen light and dark thus creating the viewed image. These changes in the high voltage system of the monitor generate the signal that TEMPEST monitoring equipment receive, process (reconstruct) and finally view.

    It's it illegal to shield your PC from emanation monitoring. That says enough. and with a wireless mouse that is more information to add because the tempest is still an impratical attack. http://www.surasoft.com/articles/tempest.php
     
  24. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,654
    Location:
    Sydney, Australia
    There is a line between a sensible set of security precautions, and paranoia. If the government wants to obtain information about you, there are numerous ways that it can do it - presumably starting with subpeona/warrant issues against ISP, through to back-room beatings and Guantanamo bay.

    Since Tempest is impractical, I would imagine that there are plenty of other ways that they could resort to *first* before trying this particular approach. Credit card records, ISP logs, specific monitoring software installed to bug you, bugging your home, phone, interviews with neighbours.

    I would suggest that *most* users should concern themselves primarily with attacks from the criminal element with an endgame of financial fraud, or identity theft since these are much more likely.

    Don't take me wrong - I am philosophically opposed to governments gathering interesting nets of data on every citizen under the guise of "terrorism prevention" - but I have not, nor do I intend to start constructing my headwear from tinfoil. Not yet, anyway.

    Mike

    Of course - I use an LCD monitor so I guess I am tempest-immune anyway :D
     
  25. heyUthere

    heyUthere Registered Member

    Joined:
    Sep 30, 2005
    Posts:
    8
    Hey Nash, I do respect the opinions of others. Why would there be things on the maket for cilivians to protect themselves (if you pay attention ,news, laws, excu. orders, I may not have to explain this)Can you bet your life on your LCD display? Do you have evidence? I should have made myself clear before... I believe Tempest attack is impratical for your normal independent attack and not your typical agency like the NSA with a $ 20 million electric bill (which is the only money info they are even willing to disclose, and you have to look hard for that).

    There are too many people to jump the gun to say "it is okay" and not "this is not good enough" Being too paraniod will never work against you, you will never be caught off guard. You will not fall under a false sense of security. Why not make it harder for the attack. (Hey if you do not want to be paraniod, it is okay, being to cautious will work against you).

    Yes, it is true but they all ready have that ability (official or not, with or without laws) But come on, They want more and more ways. There is evidence of that everywhere. I love how "terrorism prevention" seems to fall on everyone, It is a wonderful excuse.
     
Loading...
Thread Status:
Not open for further replies.