BrokenStrokes: On the (in)Security of Wireless Keyboards
This exposes a critical security vulnerability for users of wireless keyboards, with incremental improvements in attack range and robustness.
The authors tackled the problem of privacy leakage in wireless keyboards by proposing BrokenStrokes, an attack that detects specific keywords via eavesdropping, achieving over 90% success probability at distances up to 15 meters.
Wireless devices resorting to event-triggered communications have been proved to suffer critical privacy issues, due to the intrinsic leakage associated with radio-frequency (RF) emissions. In this paper, we move the attack frontier forward by proposing BrokenStrokes: an inexpensive, easy to implement, efficient, and effective attack able to detect the typing of a pre-defined keyword by only eavesdropping the communication channel used by the wireless keyboard. BrokenStrokes proves itself to be a particularly dreadful attack: it achieves its goal when the eavesdropping antenna is up to 15 meters from the target keyboard, regardless of the encryption scheme, the communication protocol, the presence of radio noise, and the presence of physical obstacles. While we detail the attack in three current scenarios and discuss its striking performance--its success probability exceeds 90% in normal operating conditions--, we also provide some suggestions on how to mitigate it. The data utilized in this paper have been released as open-source to allow practitioners, industries, and academia to verify our claims and use them as a basis for further developments.