Wireless keyboards and encryption/security

Discussion in 'hardware' started by Fly, Apr 7, 2016.

  1. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Lately I have been looking for a new keyboard. Currently I have an old keyboard that dates back to 2004, but it is old. I have a newer keyboard, but it is not exactly 'smooth' typing. Easy to touch the wrong keys in the process of typing.

    These days most keyboards are wireless. I noticed a nice Rapoo 8900P keyboard. However, I cannot find any information about the security of the connection. After all, I have to plug in an USB stick. So there is some kind of network and I don't like opening my computer to a wireless 'network' if I don't know anything about the security/encryption.

    Does anyone have any information about this keyboard ? Or what would be a nice, 'smooth' keyboard that is also secure ? I have no need for expensive gaming keyboards. Actually, the Rapoo 8900P costs about 80 euros so it should have proper encryption, but then ... It appears it is made in China.
     
  2. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    394
    Location:
    The Netherlands
  3. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    @Gandalf_The_Grey,

    Any in particular ? I noticed some Logitech keyboards in that local shop, but I was not impressed with the 'ergonomics' or whatever way one should put it.
     
  4. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    I cannot offer any advice about that Rapoo keyboard but I just put together a new computer for me. I had previously been using the Microsoft Comfort 5000 Wireless keyboard on a couple computers and really liked them. I don't know who makes the keyboards and mice for Microsoft, but IMO, they are great! Smooth but with great "feedback" through the fingers (that is, there is a positive "click" with just the right amount of effort that is not mushy). And I really like the "ergonomic" curved shape too. And while definitely not a compact keyboard, it is not too wide either at only 18.1 inches. This means the keyboard and mouse can both sit on my keyboard tray that slides out from under my desk and still give me enough room to navigate my monitors with my mouse. Many keyboards are 20 inches or wider which does not leave any mouse maneuvering room on my tray. Of course, if you are not limited by a keyboard tray or desktop area, that point may be moot. That said, your Rapoo is just 17 inches so that would not be a problem anyway. But do note being more compact may mean smaller keys and that may or may not be an issue for you.

    While my computers are in a home environment so security/encryption for the short range RF used here is not really an issue. But still, like you, I was interested in encryption. Keyboard encryption is really only a problem if a badguy can get in close proximity to your system (say, within 30 - 40 feet). That would not be possible for me, but still, I take security seriously.

    Then I discovered Microsoft updated the 5000 with the new Wireless Comfort Desktop 5050 keyboard and mouse set. Basically the same keyboard, but with AES encryption.

    Now this is a set - and frankly, I love the mouse too. While I am right-handed, I use my mouse in my left hand and I love the fact it is not contoured - that is, it not shaped for just the right or left hand.

    They have other sets and separate keyboards that are encrypted, as seen here (under the Features drop-down list, check AES to see what they have to offer). And I note if you shop around, they generally are less expensive than the MSRP. For example, Amazon here in the US offers the 5050 set for $44.95.

    Having said all that, keyboards and mice are extensions of our own hands. And everybody's hands are different. What "feels" great to one person may feel totally awkward (even painful) to others. So really, it is best if you can visit a computer store and play touchy-feely with the keyboards yourself. Then decide what to get. Just remember the floor samples have likely been abused.
     
  5. Gandalf_The_Grey

    Gandalf_The_Grey Registered Member

    Joined:
    Jan 31, 2012
    Posts:
    394
    Location:
    The Netherlands
    Using only laptops nowadays the Wireless Illuminated Keyboard K800 looks very nice to me. But you have to try a keyboard yourself. It's very personal.
     
  6. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    @Bill_Bright, for me 40 feet would be within reach of strangers.

    You seem to know a lot about technical issues. 'short range RF' I really know nothing about that sort of stuff, how do these connections relate to wireless networks as networks between wireless routers and computers ? Is it pretty much the same ?
    What what it's worth, the Rapoo one was at 5 Ghz. Then again, made in China with very little documentation.
     
  7. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    Yeah, but 40ft is extreme and that's line of sight. If there is even one wall, floor or ceiling in the way, there would be a lot of signal degradation.

    The maximum range for wireless networks is about 100m or 300ft. But again, the more obstacles in the way, the shorter that effective range will be.
     
  8. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    722
    Location:
    Toronto
    I just bought a Logitech K830 Illuminated Wireless and BlueTooth kbd.
    I'm using the BT since BT is short range, about 10' (3 meters), with a WinBook tablet.
    Just make sure the Model is 920-007182. The earlier model had only wireless. Price $120CAD.
    Easy to pair, key feel is perfect for me. Touchpad is a bit 'touchy' but OK.
    Top row of keys are either Function keys or Media keys.
     
  9. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    Ummm, sorry, but no. Basic BT range is 10 meters (or ~33 feet). And as seen by the specs for your K830 keyboard here, it lists a wireless range of 10m. Now if 3 meters is all you get with that WinBook, then something is wrong with its BT feature.
     
  10. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    722
    Location:
    Toronto
    The 10 m (33 ft) is the wireless range. Meaning 802.11xxxxx with the Unified Receiver in a USB port.
    Instead, the Bluetooth (which is also 'without wires') was said to have a range of about 10 feet.
    However, with a 7" tablet, being even 5' away would make it impossible to see what's on the tablet, I can only see that somethings going on. It was someone else that said useful limit was about 10', which may be true for him and not true for others.
    I use mine within a foot, and that works very well, and having no wire is great!

    Plus Bluetooth is extremely secure in that it employs several layers of data encryption and user authentication measures such as a combination of the Personal Identification Number (PIN) and a Bluetooth address to identify other Bluetooth devices.
     
  11. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    Wireless (802.11x) range is, as I already noted, up to ~100m "line of sight" for the newer 11g, 11n and 11ac protocols.

    Now typically, line of sight means outdoors with no obstructions and no nearby sources of interference. Indoor range will naturally be less as there will be walls, floors and ceilings in the way. And metal pipes and wires in the walls can affect reception too, as can other nearby devices that may be emitting RF energy. Nevertheless, wifi range, even in considerably less than ideal conditions is considerably more than 10m.

    I provided a link to your keyboard that shows the BT range is 10m, not 10ft. That is standard - though again that range is affected by obstacles and outside interference. There is a burst mode protocol that can be implemented in some devices for longer ranges, but I have never heard of that being used in typical computer devices.
     
  12. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    722
    Location:
    Toronto
    So Bill, are you trying to beat me up over this?
    Logitech's site specs are:
    • Wireless Protocol:
      • Logitech 2.4 GHz Wireless Technology
      • Bluetooth Smart
    • Wireless range: 10m (33ft)
    They don't mention 100m at all. If they mean 10m for both protocols, fine. But you may be right earlier when you said that the 'problem' could be the tablet or TV. In any event, I've said all I want to on this, if you want to fill another page, go ahead.
     
  13. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    Based on what little I've read in the past, I think some wireless keyboards and mice use proprietary protocols while others use [sometimes tweaked] common protocols. Larger companies with roomy pockets and technical expertise could roll their own wireless system, but many would look to use commercially available chipsets that are designed for low power systems. Through searching you may be able to zero in on what Rapoo is using in their peripherals. If it is a commercially available chipset, you could then try to find a sales sheet, datasheet, and/or programmer's reference manual. Which would shed light on the wireless protocol and any unique characteristics of that. If you can find, or perform yourself, a tear-down you might be able to spot a chip number and lookup the manufacturer.

    You can look for the company being mentioned in one of the presentations made by researchers/hackers. There have been some articles on intercepting/decrypting wireless peripheral comms, mimicking/broadcasting traffic that the peripherals would produce in order to compromise host computers that way, etc.

    If you know someone who has one and are up for the challenge, you could also do some sniffing of protocols you think might be in use.
     
  14. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    No, I am not trying to beat you up over anything. I just don't want you, or others reading to be misinformed so I'm pointing out the industry standards that, sadly, you don't seem willing to accept. I provided a link to your BT keyboard that shows 10m (33ft). BT is a short range RF protocol.

    Wifi is a longer range protocol using a much stronger RF signal strength so 33ft is simply ridiculously short. I don't have a big house (a raised ranch with 1180 sq ft on the main floor, about 27x43). If 33ft were the range, I could not reach from my dining room to my back bedroom. But I can easily - even down in the basement on the opposite end with no problems and that's through a floor and 2 walls (one made of cinder block).

    Use your cell phone (if it supports wifi) or notebook and search for wifi networks. Unless you live way out in the boonies with nobody else around, I bet you can see several neighboring networks that are much farther away than 33 feet. If 33ft were the normal range, almost everyone would need range extenders but most home users don't.

    But don't take my word on it! See this then I will drop it: Wireless Wifi 802.11 a, b, g, n, ac, ad, ah, aj, ax, ay Router Range and Distance Comparison. Note that the shortest outdoor range is 100m (330ft). And the shortest indoor is 20m (66ft) - and those are with the woefully outdated and superseded 802.11 "base" protocol. The ranges for 802.11n (the most common today) is 70m (230ft) indoor and 250m (820ft) outdoor.

    So Logitech is right about BT range being 10m. But if they are telling you wifi only has a range of 10m, then they are simply wrong!

    (edit comment: fixed typo)
     
    Last edited: Apr 9, 2016
  15. jwcca

    jwcca Registered Member

    Joined:
    Dec 6, 2003
    Posts:
    722
    Location:
    Toronto
    I tested my setup by turning both the tablet and kbd on and went about 50 feet away down a long hall with lots of walls between.
    I pressed enter on the kbd to get to the logon pwd prompt, keyed the pwd and returned to the tablet. It had received the Enter and opened the prompt but the password was not accepted (or completely received?).
    I repeated at about 40 feet and was able to log on so in my practical experience, the kbd BT exceeded the Logitech spec of 33 feet. And the OP was conerned about a 40' range, so he'd have to have confidence in the encryption and multi-layer security that may or may not work.
    I can't see any other networks, I live on a 76 acre estate, in the middle of a dense forest, in a 72' x 56' house with foot thick walls, so I'm not worried about someone breaking into my system, theoretically or practically.
     
  16. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    Right - but since we don't know his environment such as the number of walls, floors, ceilings between endpoints; the composition of those barriers; or the pipe and wire content within them; or the existence or proximity of any EMI/RFI emitting devices, his mileage may vary greatly.
    I'm envious.

    Most badguys are opportunist. They may install a readily available packet sniffer (I use and recommend XIRRUS WiFi Inspector) on a notebook to snoop out available networks, but quickly move on to "easier pickings" if nothing is available or if encryption is enabled; or they see the defaults have not been changed (it's amazing how many never bother to change them).

    In your case, most likely a badguy would have to be deliberately targeting you or someone in your household for some personal reason and would have to be parked within a few hundreds yards and pointing a directional antenna at your house. Not something that could easily just blend into the trees without some serious camouflage. So yeah, you are probably safe! ;)
     
  17. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Well, I live right in the middle of a city. In an apartment. Plenty of people, lots of traffic.
    I am not a 'target' but I just don't like installing an 'open door' on my computer. People catching clicks from my keyboard is actually less interesting than accessing my computer through the 'network', if I can even call it that !
     
  18. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    Less interesting and much less likely too.

    But an unencrypted wireless keyboard is not really an "open door". It may not be locked and dead-bolted, but it is not exactly wide open either. A bad guy would still have to get in close proximity. But also, because the antenna in RF keyboards are "omnidirectional", it would be difficult to determine the direction (which apartment) any signals were coming from. Also, wireless keyboards operate in the same frequency range as all BT devices - including headphones, cell-phones, remote speakers and every other BT device. And many other wireless devices (cordless phones, most wifi networks, and more) operate in this same 2.4GHz frequency too. In fact, they all operate in a tiny 83MHz band on separate channels that are just 1 to 22MHz wide. So even if they did pick any signals, the badguy would have to be pretty sophisticated and have some pretty sophisticated monitoring equipment to isolate your keyboard out of all that, then encryption breaking code to see what keystrokes you are entering. And even then, he would only have one side of that conversation. That is, the webpage prompting for your password is sending that request over the video cable to your monitor, not via RF to your wireless keyboard.

    So it is typically much easier to hack into a wireless network than it is a keyboard because sadly, so many people leave the WAP (wireless access point - often integrated with a "wireless router") settings at the factory default settings - which are widely published and easy to fine through Bing Google. And many users set the SSID and wifi passphrase to something any nosey neighboring whiz kid could easily figure out. It's amazing how many use their kid's or pet's name. :(

    Then any bad guy can easily access their network and start hacking their connected computers, or more commonly just use their network for free. Often the badguys then use their target's network to send spam or malware or participate in other nefarious deeds under their IP address.

    Any way - if buying a new wireless keyboard I say sure, make sure it is AES encrypted. But if your current wireless keyboard does not encrypt, I would not rush out and buy one that does - unless there is some potentially very lucrative reason a bad guy would be targeting you specifically. If you worked with classified or very sensitive data, in a bank, medical or insurance office or the like.
     
  19. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    @Bill_Bright,

    Maybe I was not clear. The 'risk' in question was someone accessing my 'network' (if I can call it that) that consists of the connection between the keyboard and the USB stick in the computer !

    I'm not a techie and don't know how doable (if at all) that is.
     
  20. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    Ah! Thanks for clarifying. Rest assured, it is totally impossible for anybody to access a network via the wireless connection between a Bluetooth keyboard and computer. 100% totally impossible!

    Your "network" is everything on your side of the "gateway" device - essentially, everything on your side of your modem, or your router. Even if you only have one computer connected, that is your network.

    The "link" between your keyboard and your computer is not a network. It is just a communications link. While there have been reports lately of badguys being able to hack into this link and take control of your computer, that is based on a 5 year old article and with regular RF keyboards - that is, not BT keyboards. This "old" news is just now getting attention because someone last year posted a tutorial as seen in this ARS Technica article to create a "Keysweeper" device disguised as a USB charger. But note the badguy must some how get into your home and plug this device into your wall without you knowing it. In other words, an inside job by someone you know, or a covert operation by someone or some organization targeting you.

    If you watch the video, note around 2m 55s into the video the inventor of this keysweeper device specifically says he is talking about the Microsoft keyboards that do NOT use Bluetooth or regular wifi.

    So again, if me for my home computers, I would not run out and buy all new BT keyboards. But when I need a new wireless keyboard, I will ensure it is BT and uses "AES" encryption.

    Ultimately, if still worried, just get a wired keyboard.
     
  21. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    @Bill_Bright,

    Thanks for the explanation.

    So I take it is impossible to 'hijack' this link. Except maybe by the NSA ...

    What I like about the (better) older keyboards is that typing is just easier. The keys are more elevated, you press deeper, you're less likely to touch any other keys by accident. More like a typewriter.
    That Rapoo one was nice, a bit Apple like. I'm just not sure why most modern keyboards have to feel as if it's really cheap stuff ... I did try a few Logitech keyboards, but those didn't 'feel' as if they were worth the money.
    Gaming keyboards over 100 euros/100 USD just didn't seem to make sense for my purpose.
     
  22. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    Yeah, it is hard enough for a bad guy just to see your encrypted keystrokes to begin with. Then considerably harder still to decrypt them and know what they say. But to hack into, then hijack the link and be able to interject their own keystrokes into your computer... well that's a whole nother level!

    Yeah the big old Northgates and IBM keyboards from many years ago were certainly some of the best ever keyboards ever built.
    Because many are really cheap stuff.
     
  23. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    So which of you two dug up the RF/protocol details for the Rapoo 8900P keyboard/mouse combo asked about, including what if any encryption it supports? Sources please, I'm curious.
     
  24. Bill_Bright

    Bill_Bright Registered Member

    Joined:
    Jun 29, 2007
    Posts:
    2,272
    Location:
    Nebraska, USA
    Well, you could have easily done a simple Google search yourself to see the full name of the keyboard is Rapoo Blade 8900P 5G Wireless.

    I did just that and found several reviews and lists of specifications but none mentioned anything about encryption. All we really know it is it uses 5GHz (not BT) wireless but there was no mention anywhere about encryption. That tells me it has no encryption otherwise, surely the product's (or seller's) marketing/PR people would insist it be listed. We also can easily see via Google that this keyboard is branded by at least three different brands; Auawak, Arion and FOM. But I cannot find the OEM.
     
  25. TheWindBringeth

    TheWindBringeth Registered Member

    Joined:
    Feb 29, 2012
    Posts:
    2,089
    I didn't even have to search for that... Fly told us it was 5 Ghz :) But I did search, and didn't find enough. One resource I didn't mention in my early post: FCC ID search... https://www.fcc.gov/general/fcc-id-search-page or https://fccid.io/

    https://fccid.io/PP2E9270P
    https://fccid.io/PP27800P

    Applicant: Shenzhen Rapoo Technology Co., Ltd. Operates on 16 channels, 5.727 to 5.804. Shrug. FWIW, one thing I was interested in is how the keyboard/mouse is paired with its receiver *at the factory*, for I suspect this could have bearing on whether or not the factory has the information necessary to capture/decrypt setups in the field.
     
Loading...