Rapid7 Announces Check for Critical Wireless Keyboard Vulnerability
Rapid7 NeXpose update includes a check for zero-day vulnerability in wireless
keyboards manufactured by Microsoft, Logitech, and other vendors
BOSTON, Dec. 6 /PRNewswire/ -- Rapid7 the leading provider of Unified
Vulnerability Management (UVM) solutions for large enterprise deployments and
small to medium businesses, announced today NeXpose will include a check for a
zero-day vulnerability found in many wireless keyboards. The impact of this
vulnerability is that an attacker with a directional antenna and a laptop can
eavesdrop on keyboard communications, capturing every keystroke from a
distance of over 30 feet away.
Swiss researchers announced that they had broken the security of wireless
keyboards manufactured by Microsoft, Logitech, and possibly other vendors.
This vulnerability stems from a fundamental design flaw in the RF protocol
used by these 27MHz wireless devices, causing them to be even less secure than
Bluetooth-based keyboards. Certain non-Bluetooth wireless keyboards (including
some manufactured by Microsoft and Logitech) are designed with very weak
encryption that is extremely easy to defeat. The test results demonstrate that
a remote attacker equipped with an antenna can capture every keystroke from
these wireless keyboards.
Wireless keyboards have been sold globally for many years. Logitech and
Microsoft are two major brands in this market area. Their products are sold
over Internet, through business suppliers and in many consumer electronic
stores worldwide.
"This is a critical security issue for many companies. The vulnerability
opens the door for hackers to easily access corporate networks and customer
data. Because these wireless keyboards are sold through many outlets,
companies may not know how many are being used in their networks. Employees
may have these wireless keyboards in their homes," stated Tas Giakouminakis,
CTO of Rapid7. "While many organizations are concerned about 802.11 WiFi
eavesdropping, there has been very little focus on the risks posed by wireless
keyboards. We expect that there will be increased attention to this issue in
the coming weeks."
For more information about the wireless keyboard vulnerability please
review the following -- http://www.dreamlab.net/newsevents/
ABOUT RAPID7
Rapid7 is the leading provider of Unified Vulnerability Management (UVM)
Solutions. Rapid7 NeXpose UVM provides network, database and web application
vulnerability management for enterprises deployments and small to medium
businesses. Since introduced, NeXpose has been sold to corporate enterprises,
Global 2000 companies, and government entities, and serves the full range of
vertical markets across the U.S. and abroad. In addition, Rapid7 provides
compliance products and services for PCI, HIPAA and Sarbanes Oxley. Rapid7 is
headquartered in Boston, MA, with offices in California and the United
Kingdom. For more information on the company and its product, NeXpose, visit
http://www.rapid7.com.
Media Contact Information
David Precopio
Vice President of Marketing and Business Development
Rapid7 LLC
857-288-7354
David_precopio@rapid7.com
SOURCE Rapid7
David Precopio, Vice President of Marketing and Business Development of Rapid7
LLC, +1-857-288-7354, David_precopio@rapid7.com
© Thomson Reuters 2009 All rights reserved
Rebels blamed for Philippines blast
