Rapid7 Announces Check for Critical Wireless Keyboard Vulnerability
Rapid7 NeXpose update includes a check for zero-day vulnerability in wireless keyboards manufactured by Microsoft, Logitech, and other vendors
BOSTON, Dec. 6 -- Rapid7 the leading provider of Unified Vulnerability Management (UVM) solutions for large enterprise deployments and small to medium businesses, announced today NeXpose will include a check for a zero-day vulnerability found in many wireless keyboards. The impact of this vulnerability is that an attacker with a directional antenna and a laptop can eavesdrop on keyboard communications, capturing every keystroke from a distance of over 30 feet away.
Swiss researchers announced that they had broken the security of wireless keyboards manufactured by Microsoft, Logitech, and possibly other vendors. This vulnerability stems from a fundamental design flaw in the RF protocol used by these 27MHz wireless devices, causing them to be even less secure than Bluetooth-based keyboards. Certain non-Bluetooth wireless keyboards (including some manufactured by Microsoft and Logitech) are designed with very weak encryption that is extremely easy to defeat. The test results demonstrate that a remote attacker equipped with an antenna can capture every keystroke from these wireless keyboards.
Wireless keyboards have been sold globally for many years. Logitech and Microsoft are two major brands in this market area. Their products are sold over Internet, through business suppliers and in many consumer electronic stores worldwide.
"This is a critical security issue for many companies. The vulnerability opens the door for hackers to easily access corporate networks and customer data. Because these wireless keyboards are sold through many outlets, companies may not know how many are being used in their networks. Employees may have these wireless keyboards in their homes," stated Tas Giakouminakis, CTO of Rapid7. "While many organizations are concerned about 802.11 WiFi eavesdropping, there has been very little focus on the risks posed by wireless keyboards. We expect that there will be increased attention to this issue in the coming weeks."
For more information about the wireless keyboard vulnerability please review the following -- http://dreamlab.net/newsevents/
ABOUT RAPID7
Rapid7 is the leading provider of Unified Vulnerability Management (UVM) Solutions. Rapid7 NeXpose UVM provides network, database and web application vulnerability management for enterprises deployments and small to medium businesses. Since introduced, NeXpose has been sold to corporate enterprises, Global 2000 companies, and government entities, and serves the full range of vertical markets across the U.S. and abroad. In addition, Rapid7 provides compliance products and services for PCI, HIPAA and Sarbanes Oxley. Rapid7 is headquartered in Boston, MA, with offices in California and the United Kingdom. For more information on the company and its product, NeXpose, visit www.rapid7.com/.
Media Contact Information
David Precopio
Vice President of Marketing and Business Development
Rapid7 LLC
857-288-7354
David_precopio@rapid7.com
Source: Rapid7
Web site: www.rapid7.com/
http://dreamlab.net/newsevents
