How secure is a standard wireless keyboard against a MITM attack?

8

And are there any mitigations other than using a wired keyboard?

    
asked by cccenfan 07.05.2016 - 23:09
source

3 answers

6

Here is something interesting from Bruce Schneier's blog:

Many wireless keyboards have a security vulnerability that allow someone to hack the computer using the keyboard-computer link. (Technical details here.)

An attacker can launch the attack from up to 100 meters away. The attacker is able to take control of the target computer, without physically being in front of it, and type arbitrary text or send scripted commands. It is therefore possible to perform rapidly malicious activities without being detected.

You can find secure wireless keyboards on the market that use a 128-bit AES encrypted wireless connection to your computer, so you can check for that.

Another useful piece of information, from a Logitech white paper:

Encryption

Computer keyboards process very private or sensitive information like passwords, credit card numbers, or personal messages. Since the range of an Advanced 2.4 GHz device may reach several tens of meters in an open environment, it is critical to take adequate measures to prevent eavesdropping.

Advanced 2.4 GHz applies state-of-the-art encryption to the keyboard reports. Since the displacements of a mouse would not give any useful information to a hacker, the mouse reports are not encrypted.

Encryption is limited to the wireless link between keyboards and the receiver. Encryption is totally transparent to the software which receives clear data from the receiver over the USB. This means that the Advanced 2.4 GHz encryption provides no protection against hackers who are able to get physical access to the PC, or who are able to remotely install spy software on the PC.

The encryption applies to all standard keyboard keys (a, s, d, f...) and modifiers (Shift, Ctrl, Alt...). The multimedia keys (Play, Pause, Mute...) that may be implemented in some keyboards are transmitted in clear text.

Encryption Algorithm

The encryption method consists of hiding the wireless messages with a cryptogram. The selected algorithm is the AES 128-bit cipher, which has been adopted as an encryption standard by the US government. As of today, the only known way to crack it is to try all possible keys. Even if it was possible to test 1 billion keys per second, billions of years would be necessary to try all combinations.

AES is based on symmetric 128-bit keys, “symmetric” meaning that the same key is used to encrypt a message in the keyboard and to decrypt the message in the receiver.

Generation of Encryption Keys

When a device that requires encryption is paired to a receiver, the pairing process includes the generation of 128-bit encryption keys. The same unique key is constructed both in the keyboard and in the receiver based on random values exchanged during the pairing procedure.

Note that the encryption keys are never transmitted over the air. By spying the packets exchanged during the pairing process, a hacker would not be able to find the encryption keys without knowing the secret algorithm implemented to construct them.

The initial encryption keys are programmed at the factory when the devices are paired to their receiver.

The encryption keys are stored in a non-volatile memory area of the keyboard and receiver. As this is hardware encrypted, software cannot access the keys.

I am not promoting the Logitech keyboard; I just took it as an example of how they implemented AES encryption in a wireless keyboard.

    
answered 07.05.2016 - 23:57
source
1

If you mean man-in-the-middle, and not eavesdropping (which the previous answer addressed), one way to safeguard yourself is to take the keyboard and receiver somewhere else and check that they work on another computer.

For example, if I were paranoid, I could imagine someone at work swapping my USB receiver for one paired with a hidden computer. I would type on my keyboard, and it would (without my noticing) send to the hidden computer, which would log the keystrokes and also relay them to the receiver plugged into my computer. But if I took what I thought were my keyboard and my receiver somewhere else, they would not be paired, and I would know that something had happened.

    
answered 01.03.2017 - 18:30
source
0

Not very ... take a look at this demonstration.

link

    
answered 01.03.2017 - 21:37
source
