Before James Bond goes on a mission, he usually stops by Q to get some fancy gizmo to help him out. The gadgets usually look harmless but are hiding a vital piece of equipment, like a watch with a hidden garrote in it. You may think that these types of devices are confined to movies, but that’s not the case. There’s a recent example of such a device, and it’s called “KeySweeper.”
The KeySweeper appears to be a normal run-of-the-mill USB wall charger to power your phone. While that is one of the uses of the device, it’s main purpose is to find nearby wireless keyboard signals. The device has on-board memory and stores every keystroke from nearby Microsoft wireless keyboards. Once stored, the device can either be equipped with a chip that sends the data out through a cell phone network, or can be configured to use Wi-Fi instead. In addition, the device can look for specific typed phrases, such as “gmail.com” and alert the attacker immediately for quicker access to your data.
Even when the device is not plugged into the wall, it’s still listening by way of a built-in rechargeable battery.
Although this device specifically targets Microsoft wireless keyboards, there’s no reason to believe that other models can’t be added easily enough, depending on how well they enact their data encryption. It looks like Bluetooth-enabled keyboards are also a good solution.
If you see an unusual device plugged in around the office, it’s probably a good idea to ask someone what it’s for. In most cases, it’s probably something harmless, but being aware of your environment is the first step to good security.