The problem
|
|
KeySweeper is a stealthy device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity. This 007 'James Bond' / 3-letter government agency gadget can be assembled using low cost parts readily available on eBay and instructions published on the web. Author: Samy Kamkar (the creator of EverCookie)
The workaround
Don't use wireless keyboards, period! But what if you love your stylish wireless keyboard? Even without it, your typing activity could be recorded from a wired keyboard using keylogging hardware or spyware software. If your passwords are sniffed from a wireless or wired keyboard, a hacker could acquire access to your digital documents and potentially to your entire online life.
Our experimental project: Access passwords in an AES encrypted Excel vault using an Arduino lock.
Proof-of-concept: Workbook and sheet passwords can be added to an Excel vault and used by this Password Vault add-in powered by Ribbon Commander. The passwords are stored in a Table (ListObject) inside an AES encrypted OpenXML Excel locked with an file-open password.
The file-open password of the vault is the master-key that must be kept top-secret, as it can unlock the encrypted file holding your invaluable passwords. Your personal master-key will be transmitted to Excel from the Arduino board connected to a USB port of your PC, after entering a PIN on its keypad.
Passwords retrieved from the vault are used to remove sheet and workbook protection. People who love their wireless keyboards (for whatever reason) could evade password detection by wireless keyboard sniffers, such as the one ingeniously crafted by Samy.
Our experimental project: Access passwords in an AES encrypted Excel vault using an Arduino lock.
Proof-of-concept: Workbook and sheet passwords can be added to an Excel vault and used by this Password Vault add-in powered by Ribbon Commander. The passwords are stored in a Table (ListObject) inside an AES encrypted OpenXML Excel locked with an file-open password.
The file-open password of the vault is the master-key that must be kept top-secret, as it can unlock the encrypted file holding your invaluable passwords. Your personal master-key will be transmitted to Excel from the Arduino board connected to a USB port of your PC, after entering a PIN on its keypad.
Passwords retrieved from the vault are used to remove sheet and workbook protection. People who love their wireless keyboards (for whatever reason) could evade password detection by wireless keyboard sniffers, such as the one ingeniously crafted by Samy.
Excel password vault secured with an Arduino lock
Please note: as of May 2015 the communication between Excel and Arduino is not encrypted
Support and feedback from crypto-analysts and Arduino experts will be greatly appreciated!
Support and feedback from crypto-analysts and Arduino experts will be greatly appreciated!
What is Arduino?
Arduino is an open-source physical computing platform based on a simple microcontroller board and a development environment for writing software for it. There is a wide range of Arduino boards and accessories which can communicate with a computer via a USB or Ethernet port and wirelessly via WiFi, GSM and Bluetooth.
