Hit the KeyJack: stealing data from your daily wireless devices incognito
This work addresses security vulnerabilities in everyday wireless devices like keyboards, which could impact users by enabling data theft, though it is incremental as it builds on known eavesdropping risks.
The authors tackled the problem of insecure wireless IoT devices transmitting data in plaintext, introducing KeyJack as a proof-of-concept that successfully eavesdrops on wireless keyboards using low-cost electronics, demonstrating potential for broader application to other 2.4GHz devices.
Internet of Things (IoT) is one of the most fast-growing field in high technologies nowadays. Therefore, lots of electronic devices include wireless connections with several communication protocols (WiFi, ZigBee, Sigfox, LoRa and so on). Nevertheless, designers of such components do not take care of security features most of the time while focusing on communication reliability (speed, throughput and low power consumption). As a consequence, several wireless IoT devices transmit data in plaintext creating lots of security breaches for both eavesdropping and data injection attacks. This work introduces KeyJack, a preliminary proof-of-concept of a solution aiming to eavesdrop wireless devices and hopefully perform injection attacks afterwards. KeyJack operates on widely-used devices: our keyboards! This solution is based on low-cost embedded electronics and gives an attacker or a white hat hacker the possibility to retrieve data from John Doe's computer. This work also shows that this approach could be used to any wireless device using 2.4GHz radio chips like the NRF24L01 from Nordic Semiconductor.