New research has identified security vulnerabilities in wireless keyboards that could expose poker players´ personal identifiable information to a hacker.
The research was conducted by Bastille Networks – a U.S. company in the corporate online security market. Researchers from the company tested twelve off-the-shelf wireless keyboards, and found that eight of the twelve wireless keyboards connected with their USB dongle using unencrypted radio communication protocols.
After reverse-engineering a software-defined radio, the researchers were able to connect a cheap antenna to a laptop and record the keystrokes typed using the keyboards from hundreds of feet away. They were also able to take control of the keyboard remotely and type in their own commands. The researchers concluded that, with a better antenna, they could read the keystrokes and take control of a computer from the next block.
How Does This Affect Online Poker Players?
Basically, any information typed on a wireless keyboard with this security vulnerability can be eavesdropped by hackers. That includes usernames and passwords, answers to security questions, and credit card numbers – including credit card validation codes. Players using eWallets such as Skrill or Neteller could also have their log in details compromised.
Hackers can take over control of an online poker account by logging in with a player´s credentials, request a withdrawal and have the funds sent to an eWallet for which they already have the log in details. Thereafter, they could send the player´s funds from the eWallet to anywhere in the world. Unfortunately there is no way of knowing this has happened until the next time the player logs into their online account and finds it empty.
Of course, this is not a security issue exclusive to online poker. Hackers using the reverse-engineering process could eavesdrop on any online conversation at home or at work. As yet, there is no documented evidence to suggest an attack of this nature has already happened. But, with the news being released that it is possible, it is only going to be a question of time before players´ personal identifiable information is exposed and exploited.
Which Wireless Keyboards are Vulnerable?
The list of vulnerable wireless keyboards released by Bastille Networks only includes the eight that the researchers tested. The company says that any wireless keyboard not using Bluetooth-standard encryption technology could be vulnerable. The eight wireless keyboards found to be vulnerable were:
- Anker Ultra Slim 2.4GHz Wireless Compact Keyboard
- EagleTec K104 / KS04 2.4 GHz Wireless Combo keyboard
- GE 98614 Wireless Keyboard
- HP Wireless Classic Desktop Wireless Keyboard
- Insignia Wireless Keyboard NS-PNC5011
- Kensington ProFit Wireless Keyboard
- RadioShack Slim 2.4GHz Wireless Keyboard
- Toshiba PA3871U-1ETB Wireless Keyboard
Only two of the keyboard manufacturers have so far responded to Bastille Networks´ findings. Jasco Products – the licensees for General Electric (GE) – issued a statement in which they said they would refund the cost of the keyboard to concerned customers. Kensington announced that it had developed a firmware update for its ProFit Wireless Keyboard that includes AES encryption, and that concerned customers should contact technical support.
I Have a Vulnerable Wireless Keyboard. What Should I do?
If you have a vulnerable wireless keyboard, the advice issued by Bastille Networks is to change it as soon as possible for a wired keyboard or a wireless keyboard that has stronger security (Logitech, Dell, Lenovo, etc.). For enhanced security, players with accounts at PokerStars should take advantage of the site´s RSA Security Token, while players on other sites should contact their Customer Support to establish what other security measures are available.
Our advice is, until you are certain that your computer and its peripheral devices are secure, you should refrain from playing online poker.