GNOME 44

[rcarmo]

Oh, come on. All of it is now end-to-end encrypted. Unless you're using some cheap Chinese setup.

[felixg3]

Or Logitech Unifying and did not install a firmware update manually

[rcarmo]

Well, Bluetooth does the encryption part "properly", at least.

[jjraden]

"Properly" or properly? Quotes imply some sort of caveat, like it actually doesn't do it properly.

[rcarmo]

BT 3.0, 4.0 and 5.0 have slightly different twaks on that. You could spoof connections in older versions, although the details have slipped my mind.

[MayeulC]

And what about side channels? It should be relatively easy to link timing to each key pressed, for instance, if not outright extracting the encryption key from emitted signal power fluctuations.

These approaches are not just theoretical, they have been shown to work. And that's assuming the protocol itself is not vulnerable and has been implemented correctly. Moreover, I tend to use my keyboards a long time, making it likely that a new attack becomes possible over its lifetime.

[rcarmo]

Personal question, feel free not to answer: what is your occupation that someone would find so interesting as to drag over a truckload of RF equipment near your location to try to home in on your 2.4Ghz keyboard, which operates in one of the most saturated frequency ranges known to modern man? :)

[MayeulC]

Oh, I'm mostly worried about "dragnet" approaches and script kiddies.

I still occasionally use a wireless keyboard to type in a password, but by avoiding these, I also lower the probability of interception.

It makes me most uncomfortable when I am typing log-in credentials to my personal home server, that could be used to log in over the internet.

Other than that, I work at a lab, which sounds like a juicy target for leaving a passive Bluetooth sniffer in a closet somewhere.

I've just played enough with BackTrack (now Kali Linux) in my teens to know that other people may be doing the same.