KeySweeper — You Could Be Using A Fake USB Charger That Records Everything You Type

15 months ago, Samy Kamkar, a white hat hacker, revealed a proof-of-concept attack platform called KeySweeper. It was a stealthy Arduino-based hacking device that looked like a USB wall charger.

KeySweeper silently recorded and decrypted any keystroke from a Microsoft wireless keyboard around it. The keystrokes, it recorded, were logged online and alerts were sent when a person typed some particular words or URLs. Moreover, if unplugged, it continued to work with the help of its internal battery.

Microsoft’s keyboards use 2.4GHz wireless protocol and Samy exploited the same proprietary protocol.

Samay Kamkar open sourced the details of this hacking device whose making costs just $10-80. These are the components that are needed to make a KeySweeper device:

• Arduino/Teensy microcontroller
• NRF2401+ 2.4GHz RF Chip
• AC USB Charger
• SPI Serial Flash Chip
• 3.7 LiOn/LiPo battery
• Adafruit FONA and SIM card (optional)

Samy has also shared KeySweeper’s source code on GitHub and written about the other pieces of software on his website.

Now, the government is looking concerned about this live web monitoring tool and the FBI’s Cyber Division is warning the private industry about the same.

Here’s what the FBI has to say about KeySweeper:

If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information