FBI Warning, Fake USB Chargers Wirelessly Record Everything You Type
A white hat hacker, Samy Kamkar intorduces a cheap Arduino-based device Last year, which silently records keystorkes of users. Although, this device look exactly like a normal USB mobile charger and also functions same. However, it covertly decrypted, logged and reported back all kinds of keystrokes used on nearby Microsoft wireless keyboards. Well, this amazing device is known as KeySweeper, which makes use of a web-based tool in order to monitor keystroke and is also capable of sending alert SMS for typed the keystrokes such as usernames, or URLs. However, the surprising this about this mischievous device is that it even work when it is unplugged as it contains a rechargeable battery.
Well, apart from this proof-of-concept attack platform the security researcher Samy Kamkaralso provided complete instructions which helps to create the users this amazing USB wall charger. Unfortunately the hackers have hackers have taken this in another way and trying to misuse this critical way to harass the the users. Now hackers are using this mischievous device in order to steal sensitive data from organization and individuals. In 2016 we have already witness some very serious hacks. We are still the half way this year and this another mass troubling hack is in line to cause serious issues for the users.
Meanwhile, the FBI has also issued an advisory warning regarding this issue. This warning is for for private industry partners in which it is advised to all to watch out for this highly stealthy keyloggers USB mobile charger which can silently steal users sensitive information like login details and other important data which is input from newarby wireless keyboards. Moreover, in the advisory warning, it has been mentioned that some evil hackers have created their own version of the amazing KeySweeper device and its really a cause of concern for everyone. Well, if the version of KeySweeper device created by hacker strategically placed in any office or other location then it will steal all the keystrokes users input in his wireless keyboard.
Reference : – https://info.publicintelligence.net/FBI-KeySweeper.pdf
Fake USB Chargers Can Steal
- Trade secrets
- Intellectual property
- Other sensitive information
- Personally identifiable information
Since, KeySweeper looks exactly like genuine USB phone chargers which is widely used in homes as well as offices, hence it is simply impossible to know that you can secretly being monitored and hackers have the access of everything that you enter in your wireless chargers. With this device the chances of compromising users is really very high and the damage hackers can do is unthinkable. However, a spokesperson from Microsoft has said that, the customers who are using a Microsoft Bluetooth-enabled keyboards are safe from the KeySweeper fake USB charger. Moreover, its wireless keyboards which are manufactured after 2011 are also not affected by this threat, as they are use an (AES) Advanced Encryption Standard encryption technology which protects users data from KeySweeper.
Hence, the first precautionary measure users should take is to stop using wireless keyboards that are not protected against this vicious fake USB charger. Although FBI have not mentioned if the malicious KeySweeper sniffers is being being detected in wild or not. However, this warning advisory can not be taken for granted. Well, as it is very difficult to recognize this fake usb charger hence it would be quite sensible for the users not to keep their charget in the same place where you have kept your system. FBI has also advised that using a wireless keyboard will be quite safe for the users. Users should now take the precautionary steps quite seriously and stay aware as well as alarmed in order to protect their privacy.