Hacker creates a USB charger that can steal banking details remotely

The £6 'spy box' that tracks EVERYTHING you type: Hacker creates a USB charger that can steal banking details remotely

• KeySweeper device was created by security researcher Samy Kamkar
• The covert device looks, and works, like a typical USB wall charger
• It ‘sniffs’ and logs keystrokes made on nearby wireless keyboards 
• Device sends these decrypted, logged keystrokes to a hacker remotely
• It can even alert a hacker by text message if a certain combination of keys is typed, such as web address for online banking or a credit card number

For just £6, a hacker can create a covert device that tracks everything you type on a keyboard including usernames, credit card details and banking passwords.

The device, called KeySweeper, was built by a Poland-based security researcher and works with a range of wireless keyboards.

Once connected, the small USB wall charger remotely decrypts, logs and sends keystrokes to a hacker using specially designed software. 

+3

The device, known as KeySweeper, looks and works like a typical USB wall charger (pictured), but uses a built-in chip to ‘sniff’ for keystrokes typed onto nearby wireless keyboards. All of these strokes are then decrypted, logged and sent to a hacker over the web 

KeySweeper was built by hardware hacker Samy Kamkar using an Arduino board, USB charger and Microsoft wireless keyboard.

These keyboards use a specific chip that runs on a frequency known as 2.4GHz RF protocol, which is how the communicate wirelessly.

As keystrokes are typed on wireless keyboards, they are typically encrypted as they move from the keyboard to computer.

By determining which chip a keyboard uses, Mr Kamkar can figure out how to decrypt these keys.

HOW KEYSWEEPER WORKS 

KeySweeper was built by hardware hacker Samy Kamkar using an Arduino board, USB charger and Microsoft wireless keyboard.

These keyboards use a specific chip that runs on a frequency known as 2.4GHz RF protocol, which is how they communicate wirelessly.

As keystrokes are typed on wireless keyboards, they are typically encrypted as they move from the keyboard to computer. 

By determining which chip a keyboard uses, Mr Kamkar can figure out how to decrypt these keys.

Once set up, the charger is plugged into the wall and ‘sniffs’, or ‘listens’ to all the keys the user types.

These keys are decrypted, logged and sent back to a hacker over the web, remotely, using Mr Kamkar’s KeySweeper software.

The technology can be configured to record everything, and even send a text to the hacker if a certain combination of keys is pressed.

Once set up, the charger is plugged into the wall and ‘sniffs’, or ‘listens’ to all the keys the user types.

These keys are decrypted, logged and sent back to a hacker over the web, remotely, using Mr Kamkar’s KeySweeper software.

The technology can be configured to record everything, and even send a text alert to the hacker if a certain combination of keys is pressed.

For example, if the user types the URL for an online banking site, or enters a 16-digit number, which suggests it could be a credit card number.

And even if KeySweeper is unplugged, an internal battery will keep it running - although the battery life depends on the battery used.

The range of the KeySweeper is said to be on par with a standard Bluetooth device, at around 32ft (10 metres). 

Mr Kamkar used Microsoft keyboards, in particular, because they use the same protocol encryption, meaning once he had decrypted one, he could decrypt others.

In theory though, this process could be applied to any wireless keyboard.

Mr Kamkar has released the source code and instructions for building a KeySweeper, but advises against people doing so without an electrical background.

Last year, Israeli researchers created keylogging software that can steal keystrokes from computers even when they're not connected to the web, using so-called 'air gaps.'  

+3

The logged, decrypted keystrokes are sent to a hacker remotely using the KeySweeper software (pictured). The technology can be configured to record everything, and even send a text alert to the hacker if a certain combination of keys is pressed, such as the web address for online banking or a credit card number

+3

Samy Kamkar (pictured bottom right) has released instructions (video grab pictured) for building a KeySweeper, but advises against people doing so without an electrical background. Mr Kamkar used Microsoft keyboards (pictured top) as an example because they use the same protocol and encryption

An air-gap or air wall is a network security measure.

It was designed to make sure secure computer networks are physically isolated from unsecured networks, such as the internet or a local area network.

The researchers from Israel designed computer software that logs keystrokes, and this software transmits these strokes via FM radio signals generated by the computer's graphics card.

The data is picked up by a nearby mobile, equipped to pick up radio signals.

In the example case, the researchers used a Samsung Galaxy S4 and had to plug in the headphones to get the radio receiver to work.

This can be done without being detected by the user, but does rely on the software being installed on the computer in the first place.

Since FM radio signals can travel over long distances, the receiver could be placed in another building.