A private industry notification issued by the FBI in late April may indicate that keyloggers disguised as USB device chargers have been fund being used in the wild.
The notification does not say when or where the devices have been spotted, just that “the information in this notification was obtained through an FBI investigation.”
The device in question is called KeySweeper. Created by well-known whitehat hacker Samy Kamkar, it is “a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.”
Kamkar shared all the information needed for anyone to create such a device, so it’s likely that someone did.
Such as device, placed strategically in an office, could result in the theft of personally identifiable information, intellectual property, trade secrets, passwords, and other sensitive information.
“Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen,” the FBI notes.
They also warned that although KeySweeper was designed to harvest data from a specific brand of wireless keyboard, attackers could program the device to harvest data from other types of wireless devices. To do that, they should find a way to break the devices’ encrypted communication protocols.
The main problem with this type of device is that it is easily deployable, and difficult to spot, as it looks and functions just like a normal USB charger.
The FBI offered advice to companies and office workers on how to mitigate the KeySweeper threat, and they include using wired keyboards, wireless keyboards with strong encryption, or keyboards using Bluetooth (with additional precautions to protect against a similar type of data-harvesting attack).
They also advise workers to keep an eye for suspicious chargers plugged into office outlets and remove them but, realistically, I can’t see many workers remembering to do so.