It sounds like the stuff of a James Bond flick or something described in documents leaked by former NSA subcontractor Edward Snowden. In fact, the highly stealthy keystroke logger can be built by someone with only slightly above-average technical skills for as little as $10. Called KeySweeper, it’s a device disguised as a functioning USB wall charger that sniffs, decrypts, logs, and transmits all input typed into a Microsoft wireless keyboard.
KeySweeper is the brainchild of Samy Kamkar, a hacker who has a track record of devising clever exploits that are off the beaten path. The namesake of the Samy worm that inadvertently knocked MySpace out of commission in 2005, Kamkar has concocted drones that seek out and hack other drones and devised exploits that use Google Streetview and Google Wi-Fi location data to stalk targets. His hacks underscore the darker side of the connected world that makes it possible for bad guys to monitor our most private communications and everyday comings and goings.
KeySweeper follows the same path. Unveiled on Monday, it provides the software and hardware specifications for building a highly stealthy sniffing device that plucks out every keystroke inputted to a Microsoft wireless keyboard. The device can either log the input on a chip for physical retrieval later, or it can use an optional GSM chip to transmit the keystrokes wirelessly to the attacker. For maximum efficiency, it can be programmed to send the operator SMS messages whenever certain keywords—think “bankofamerica.com,” “confidential,” or “password”—are entered. The entire sniffing device can be stashed inside an AC USB charger that powers the device. It recharges when plugged in and runs off of battery when not connected to a power source. To people being spied on, it looks like just another USB charger plugged into a wall socket.
By Dan Goodin – Ars Technica –