  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
edit: January 8th, @04:58PM
| Any SECURE wireless keyboard available?
I'm pretty tired of trying and trying and asking and asking manufacturers and resellers about this issue. Maybe you could help me?
I want a secure wireless keyboard (and mouse if possible). I mean really, honestly secure. In practice that means a Bluetooth keyboard that:
1) Can be forced to allow only authenticated and encrypted connections.
2) Can be put into a "hidden" state.
3) Can have its default PIN securely changed to something like 16-marks long and random.
4) Can have its default name/MAC changed.
5) Can only be paired manually (i.e. by pushing the button).
Parts 1 and 3 are an ABSOLUTE MUST, the others are a bonus.
So far I haven't seen any wireless keyboard that would allow that. I asked about several keyboards and got either "we can't comment" or "this is secure" blahblahblah BS. And I really, really need a wireless keyboard. I'm actually pretty pissed off.
The Bluetooth specification CONTAINS all these elements. I cannot understand how it is possible that any device can even be sold as a "bluetooth device" when, in fact, it does NOT follow the Bluetooth specs at all! It's the same as selling you WLAN hardware labeled as "802.11n" or "WPA2-PSK", when in reality all it has is some crappy homegrown snakeoil "encryption" system and not the security features that the SPECS OF THAT SYSTEM SPECIFY!
AAAAARRRGHHH!!!
Please, help me out here! Do you KNOW about ANY secure wireless keyboard system? No, don't bother posting manufacturers' "info" about a "secure system" that really is nothing but snakeoil.
-- My computer security & privacy related homepage »www.markusjansson.net Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy. |
|
  JohnInSJ Premium join:2003-09-22 San Jose, CA
·SONIC.NET
| 1&5 are all you need
The StowAway iGo conforms to those. It's one of those fold-out portable jobbies, I got it for my WM phone.
- note that most BT HID devices are not discoverable unless they are in pairing mode. Most HIDs only allow connections to partnered devices, only support 1 partner, and allow secure as an option
Or am I missing something?
(Oh, and no wireless keyboard is secure. Nothing beats a wire to avoid all sniffing over the air) |
|
  Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS | reply to jansson_mark Wrap tinfoil on the antlers of all the laplander reindeer that graze around your house! 
What is the range of exposure/risk on bluetooth and/or wifi mouse-keyboard setups?? |
|
  JohnInSJ Premium join:2003-09-22 San Jose, CA
·SONIC.NET
| said by Anav: What is the range of exposure/risk on bluetooth and/or wifi mouse-keyboard setups??
anywhere from 3 to 25 feet, depending on the size of the antlers. |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
edit: January 9th, @02:06PM
| reply to JohnInSJ
quote: 1&5 are all you need
Wrong. BT devices can be forced to drop the connection and then you have to re-pair them. Listening to the pairing process gives the attacker all the information needed to construct encryption keys, EXCEPT the PIN code (which he can guess - it's easy, mostly the PIN is either 0000 or 1234 on devices by default).
The only real security and secret IS the PIN code, that's why you should be able to change it and use a long and random PIN on Bluetooth. |
|
  JohnInSJ Premium join:2003-09-22 San Jose, CA
·SONIC.NET
| Ok, so 1,3,and 5 are good, or a Faraday cage for pairing
Seriously, if you care this much about security, no way in hell are you going to use a wireless keyboard unless you suddenly become insane.
That said, again the $30 cheapo iGo Bt keyboard does 1,3, and 5 - the passcode is entered right on the keyboard every time it is manually forced into a discoverable pairable state. |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
| reply to JohnInSJ
said by JohnInSJ: said by Anav: What is the range of exposure/risk on bluetooth and/or wifi mouse-keyboard setups?? anywhere from 3 to 25 feet, depending on the size of the antlers.
Wrong again. The range against even homemade bluetooth sniffers is over a mile. The range for semi-pro or pro-sniffers is probably much, much, much longer. Range does not give security in BT. |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
| reply to JohnInSJ
said by JohnInSJ: Seriously, if you care this much about security, no way in hell are you going to use a wireless keyboard unless you suddenly become insane.
I sayed I wanted a SECURE wireless keyboard. I meant what I sayed. It's the same as saying I would want secure WLAN. It can be done. The question is, what products allow it and what don't...
quote: That said, again the $30 cheapo iGo Bt keyboard does 1,3, and 5 - the passcode is entered right on the keyboard every time it is manually forced into a discoverable pairable state.
Link and quote please, what product are you talking about? How can you be sure about that? How long can the PIN be? How do you change it in the receiver too? |
|
  JohnInSJ Premium join:2003-09-22 San Jose, CA
·SONIC.NET
| Google for the iGo Stowaway - same one I mentioned on my first post.
There is the manual
»info.igo.com/mobility/datasheets···tter.pdf
You enter the pin on the keyboard during pairing, so you can enter as much as you want, and it's per-pairing, not stored in the keyboard.
My range quote was a joke. Good luck, I'm done here, except to again point out that only a wired keyboard is going to be 100% secure vs wireless attack. So if you are worried about someone 100ft away with a BT sniffer, you have to be bat-poop-crazy to even consider any bluetooth wireless devices.
So, who in the KGB did you piss off, anyway? |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
| said by JohnInSJ : Google for the iGo Stowaway - same one I mentioned on my first post.
Hmmm... Maybe I should have also mentioned that I need a keyboard with scandinavic letters (Å, Ä, Ö), and that one doesn't support them. But thanks anyway!
quote: You enter the pin on the keyboard during pairing, so you can enter as much as you want, and it's per-pairing, not stored in the keyboard.
How can you enter the same PIN on the computer, where the BT receiver is?
quote: My range quote was a joke. Good luck, I'm done here, except to again point out that only a wired keyboard is going to be 100% secure vs wireless attack. So if you are worried about someone 100ft away with a BT sniffer, you have to be bat-poop-crazy to even consider any bluetooth wireless devices.
Well, the range is really 1 mile. Not 100ft.
quote: So, who in the KGB did you piss off, anyway?
I could tell you, but then I would have to kill you.  |
|
  Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS
| I would suggest that someone with such concerns is probably working within an organization that has the resources to produce/clandestinely purchase such devices.
Are you sure its not Jansson Bourne?  |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
| said by Anav: I would suggest that someone with such concerns is probably working within an organization that has the resources to produce/clandestinely purchase such devices.
Freelancers too? |
|
  CellRell
@verizon.net | reply to jansson_mark btw it's said. not sayed. op |
|
  BliZZardX Premium join:2002-08-18 Toronto, ON edit: January 19th, @10:17PM
| reply to jansson_mark Make your own. Worked for me. |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
| reply to jansson_mark
I cannot believe that there is nobody in this whole forum who can point to a single secure wireless keyboard?!? Aren't there any? Doesn't anyone here use a wireless keyboard (and if you do, why, if there is no way to secure it properly)? |
|
  Anav Sarcastic Llama? Naw, Just Acerbic Premium join:2001-07-16 Dartmouth, NS | Assuming that those with concerns use a wired keyboard as a solution? |
|
  peter_m Premium join:2005-07-13 Canada, QC
edit: March 11th, @02:03PM
| reply to jansson_mark
I don't think it's something the public is aware of, so manufacturers cut corners on that issue. If you want to freak out, you should look into wireless headsets. Security Now with Leo Laporte and Steve Gibson talked about both keyboards and headsets. If I remember correctly they concluded that keyboards don't have any real protection, but that was a few months ago.
Funny story, a security consultant hired to find security holes for a corporation used a cheap receiver to listen to the wireless headsets. He collected enough information to impersonate an employee from a different location. He got a temporary office and a security card issued... this was in a recent episode of Security Now, like no more than 3-4 weeks ago... real issues that a lot of people ignore. You are not paranoid, just ignored by keyboard manufacturers.
Peter |
|
  jansson_mark Markus Jansson Premium join:2001-08-05 Finland
| said by peter_m: Security now with Leo Laporte and Steve Gibson, talked about both keyboards and head sets.
Any idea what episode that was in? I couldn't find any such things on the grc.com site (about those episodes)... |
|
  peter_m Premium join:2005-07-13 Canada, QC
| Sorry, no. Must be in the last month or two. At grc.com you can look at the transcripts and do a quick search on key words... But you have to do it for every episode... so 2 months, that's about 8 text files to search. |
|
  BliZZardX Premium join:2002-08-18 Toronto, ON | reply to jansson_mark »www.grc.com/sn/SN-130.htm »media.grc.com/sn/SN-130.mp3 |
|