Snoopers could easily hack wireless keyboards made by eight different manufacturers, researchers announced this week.
The vulnerability, discovered by cyber-security firm Bastille, would allow hackers to monitor keystrokes from as far as 250 feet using cheap electronics and minimal coding. Affected keyboards include models from HP, Toshiba, Kensington, Insignia, Radio Shack, Anker, General Electric, and EagleTec.
The exploit, which Bastille is calling "Keyjack," works much the same way as another vulnerability its team discovered earlier this year. All hackers need to do is purchase a 2.4GHz radio transmitter and an antenna, which can be had for less than $100 online. By modifying the transmitter's firmware, they can take advantage of the keyboards' lax security to capture victims' keystrokes and send keystrokes of their own to the receiver connected to the user's computer.
"When we purchase a wireless keyboard we reasonably expect that the manufacturer has designed and built security into the core of the product," Bastille researcher Marc Newlin said in a statement. "Unfortunately, we tested keyboards from 12 manufacturers and were disappointed to find that eight manufacturers (two-thirds) were susceptible to the KeySniffer hack."
"Even if the user is not at their computer or typing on their keyboard, the USB dongle is constantly transmitting data wirelessly," Newlin told Threatpost. "That makes it easy for an attacker to survey a building, room or area and quickly identify all these keyboards that are vulnerable to this type of attack."
Jasco Products, which manufactures General Electric keyboards, said in a statement that it is aware of the vulnerability and encouraged owners of the GE 98614 keyboard and mouse combo to contact its customer support team.
The other seven manufacturers Bastille identified did not immediately respond to PCMag's request for comment on their plans to address the vulnerability or whether they have seen reports of hackers using it. Bastille said some of the companies it spoke with acknowledged the vulnerability but said that there is no easy fix, and suggested consumers stop using the affected keyboards.
Bluetooth keyboards, as well as those made by Logitech and a few other manufacturers, use more advanced security and are not affected, according to Bastille.
This article originally appeared on PCMag.com.