Warning! Keyloggers disguised as USB chargers

The FBI has issued a warning that keyloggers designed to look like, and also work as, USB device chargers have been found in distribution. The device, called KeySweeper, was created by whitehat hacker Samy Kamkar. According to Samy, “KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.

All keystrokes are logged online and locally. SMS alerts are sent upon trigger words, usernames or URLs, exposing passwords. If unplugged, KeySweeper continues to operate using its internal battery and auto-recharges upon repowering. A web based tool allows live keystroke monitoring.”

Samy shared a detailed video on his website showing how KeySweeper is designed. It is suspected that someone has gone ahead and used that description.

The security risk of having such a device in an office environment is inestimable. The FBI offered advice to companies and office workers on how to mitigate the KeySweeper threat, including using wired keyboards, wireless keyboards with strong encryption, or keyboards using Bluetooth (with additional precautions to protect against a similar type of data-harvesting attack).

They also advise workers to keep an eye out for suspicious chargers plugged into office outlets and to remove them.
