FBI warns private industry partners about KeySweeper, a USB charger that harvests wireless data

Shawn Knight

Posts: 15,240   +192
Staff member

Third-party mobile accessories are popular among smartphone and tablet users due to their low price but as the FBI is now warning, these knockoff devices can cost you far more in the long run.

In a private industry notification sent out last month, the FBI’s cyber division warns of a device called a KeySweeper, a small electronic gadget that resembles a typical USB mobile device charger. Concealed within the device is a small bit of hardware that intercepts wireless data – information like passwords, trade secrets, intellectual property and personally identifiable information – and beams it back via cellular network to the nefarious party that installed it.

Because it looks like a standard USB phone charger, most people wouldn’t think twice about seeing it in an office setting.

If you’ve kept up on your security news, you may remember the KeySweeper as a proof-of-concept device that white hat hacker Samy Kamkar first showcased in January 2015. As Ars Technica points out, it’s unclear why the FBI waited more than 15 months to alert private industry partners of the potential threat.

Kamkar told the publication that he isn’t aware of any real-world attacks using a device like the one he showcased but that he also couldn’t rule it out as a possibility.

As an added layer of security, companies working with sensitive data will want to make sure that any wireless keyboards in use utilize strong cryptography. Or best yet, simply switch to wired keyboards to prevent devices like this from eavesdropping wireless signals.

Permalink to story.

 
Back