kasperd's Journal: Secure wireless mice
Most of you probably already know how annoying the wire on the mouse sometimes may be. That is why the wireless mouse was invented, and now I'm looking for one. But as with any other wireless equipment, security is an important issue. Sometimes these devices work over longer ranges than expected.
The possibility to sniff the input is not my only concern. Authenticity is also important; I don't want anybody within a range of 100m to be able to control my computer. So any product that doesn't do both encryption and MAC (message authentication codes) is out of the question.
It wouldn't be difficult to produce a secure product. Good ciphers and MACs exist, and key exchange can safely be done while the mouse is placed in the recharger. But finding a product that actually does this proves to be difficult.
I searched for wireless mice satisfying most of my needs (that is, optical wireless mice with at least three mouse buttons). And I picked five well-known manufacturers from the list. None of the information I could find online answered my questions. So I decided to contact the companies and ask. The results were depressing.
- The first company had a wide range of wireless mice, but only one product with encryption. And even this product wasn't trustworthy, as it was based on proprietary algorithms. Security through obscurity is generally considered a sign of weakness, and is advised against in more than one place.
- The second company did not know what encryption and MAC is, and did not consider it to be necessary.
- The third company never replied to my email.
- The fourth company replied to my email, but did not try to answer my questions. Instead I was referred to a reseller. The reseller had never heard about the product.
- The fifth company did not provide any contact information on their webpage.
So I am starting to worry that maybe secure wireless mice simply do not exist. Where should I look for a secure wireless mouse? And if I find a manufacturer that can provide a good description of a secure product, how should I verify that the implementation actually matches the description?
Of course my considerations about wireless mice also apply to keyboards. The keyboard may in fact be even more sensitive than a mouse, and since I don't move my keyboard as much as I move my mouse, I have decided to stick with wired keyboards.
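The encryption-plus-MAC link described in the post, sketched as an added example that is not part of the original journal entry or any vendor's design. All names are hypothetical; `pair_in_cradle` stands in for key exchange over the recharger contacts, and the HMAC-SHA256 keystream stands in for a standard cipher such as AES in CTR mode.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 8  # truncated HMAC-SHA256 tag, keeps the radio packet small

def pair_in_cradle():
    """Constructed stand-in for key exchange over the recharger contacts."""
    master = os.urandom(32)
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key

def _keystream(enc_key, counter, n):
    # HMAC-SHA256 as a PRF keyed per packet counter (assumption of this
    # sketch); a real device would use a standard cipher here.
    return hmac.new(enc_key, struct.pack(">Q", counter), hashlib.sha256).digest()[:n]

def seal(keys, counter, buttons, dx, dy):
    """Mouse side: encrypt a 3-byte report, then MAC counter + ciphertext."""
    enc_key, mac_key = keys
    report = struct.pack(">Bbb", buttons, dx, dy)
    ct = bytes(a ^ b for a, b in zip(report, _keystream(enc_key, counter, len(report))))
    header = struct.pack(">Q", counter)
    tag = hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
    return header + ct + tag

class Receiver:
    def __init__(self, keys):
        self.keys = keys
        self.last_counter = -1  # highest counter accepted so far

    def open(self, packet):
        """Return (buttons, dx, dy), or None for forged or replayed packets."""
        if len(packet) != 8 + 3 + TAG_LEN:
            return None
        header, ct, tag = packet[:8], packet[8:11], packet[11:]
        enc_key, mac_key = self.keys
        expected = hmac.new(mac_key, header + ct, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # verify the tag before decrypting anything
        (counter,) = struct.unpack(">Q", header)
        if counter <= self.last_counter:
            return None  # authentic but old: a replayed packet
        self.last_counter = counter
        pt = bytes(a ^ b for a, b in zip(ct, _keystream(enc_key, counter, len(ct))))
        return struct.unpack(">Bbb", pt)
```

The counter inside the MAC is what turns authenticity into replay protection: a recorded packet still verifies, but the receiver drops it because its counter is not newer than the last one accepted.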
Bluetooth (Score:2)
Apple's BT mice use AES-128
Re:Bluetooth (Score:2)
Maybe that is true. The one mouse the first company could offer with encryption was in fact a Bluetooth mouse. But since it is security through obscurity, I still cannot trust it. It is not enough for me that they say there is encryption; I want a trustworthy product.
Apple's BT mice use AES-128
I did not look much at the Apple products, because I couldn't find any Apple mouse that satisfied the rest of my requirements. One of the requirements I mentioned was at lea
Re:Bluetooth (Score:1)
This isn't Apple's only implementation of AES-128. MacOS X has a feature that will encrypt a user's home folder in AES-128 on the fly, and they stand by it as being both secure and reliable.
But of course as you said, an Apple mouse isn't going to serve. This Bluetooth mouse [radtech.us] has 2 buttons and a scroll wheel, though I'm not sure of i
Re:Bluetooth (Score:2)
It is still not the implementation of AES-128 I'm worried about. That part they can easily test against reference implementations. It is the way it is used.
MacOS X has a feature that will encrypt a user's home folder in AES-128 on the fly, and they stand by it as being both secure and reliable.
Is this on the block layer or on the filesystem layer? I have been looking a lot into what has been done on the block layer. But most of it sounds like an inse
Find one you like and hack it? (Score:1)
Re:Find one you like and hack it? (Score:2)
Updating the firmware is not an option if the hardware cannot do what I need. I mean, the best solution I can think of requires the mouse to communicate with the receiver through the connectors in the recharger. If the hardware cannot do that, there is no way a modified firmware can help. Besides, where do I find a mouse where I can actually update the firmware in the mouse?
hmm... (Score:1)
Re:hmm... (Score:1)
So did you not read what I wrote? Or did you just not understand it?
But of course secrecy is actually important as well. Many random number generators use mouse input as their primary or only source of randomness. If you can sniff the mouse you can predict randomness that was supposed to protect your network communication. You can
Re:hmm... (Score:1)
Re:hmm... (Score:2)
It is easier if you can see the screen, but I still believe a lot of damage can be done if you have a carefully prepared sequence of movements. It is easy to move the cursor to a corner of a screen. So if you know the coordinates of some icon relative to any of the corners of the screen, you can use it. If you can somehow manage to open a window with some predictable text in it, you can also use cut'n'paste to
Bluetooth (Score:2)
Bluetooth gives you security as it's built into the protocol at Layer 2, I believe. The pairing process is when key exchange is done. As to security of the cipher, it's the same across BT as it's part of that standard. The only reasons any security is there is because it's bui
Re:Bluetooth (Score:2)
That is wrong. I never told any of those companies, that PS/2 was in fact a requirement. They still were not able to suggest any trustworthy wireless mouse.
That's a legacy interface designed for wired devices. Why would a company have any desire to implement security over a wired interface?
This is nonsense. I'm not talking about security over PS/2. I'm talking about security over the wireless connection.