Sniffing RF hardware communication packets

[Travis Goodspeed] put together a proof of concept hack that sniffs wireless keyboard data packets. He’s using the Next HOPE badge that he designed as the hardware platform for these tests. It has an nRF24L01+ radio on-board which can easily communicate with 2.4 GHz devices.

The real trick comes in getting that radio to listen for all traffic, then to narrow that traffic down to just the device from which you want data. He covers the protocol that is used, and his method of getting around MAC address verification on the hardware. In the end he can listen to all keyboard data without the target’s knowledge, and believes that it is possible to inject data using just the hardware on the badge.

Comments

  1. Digital says:

    man, you could easily make people think that they had some old school “back oriface” installed on their system if you could inject…

    just saying.

  2. Michael L. says:

    Really, rickrolling someone with the Next HOPE badge? That would be hilarious, and annoying. Good writeup though. Security isn’t really my forte but even I understood 99% of what was going on.

  3. Gert says:

    And even if its wired you could electromagnetically read it out from a distance.

    I’m building me a shielded keyboard.

  4. Whatnot says:

    I thought all those wireless keyboards always boasted 56bit(or some such odd number) encryption?

  5. Damnit, I need more tinfoil on my keyboard.
    Also, win-R , alt-f2 (for the Linux users), http://www.youtube.com/watch?v=oHg5SJYRHA0
    :D

  6. Oh,yeah… We’re gonna need a lot of tinfoil…

    Seems he’s in good “Company” …

    http://news.firedoglake.com/2014/01/15/nsa-using-radio-waves-to-hack-into-computers/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 91,918 other followers