Are wireless keyboards safe for typing in sensitive information?

Every once in a while, I get a question about the safety of wireless keyboards.  For example, if I'm going to type in my credit card, SSN or birthdate, is it safe to use a wireless keyboard.  The short answer is, probably not.  Watch the video in the link below for an example as to why not.

In general, there are three types of wireless keyboards in wide use today.  The older, infrared type requires line of sight between the keyboard and the computer to transmit the signal.  If a malicious hacker were able to intercept this signal, they would be one step closer to decoding what you type.  In practice, infrared keyboards were a pain to use, which is why wireless using radio signal became much more popular.

There are 2 types of radio wireless keyboards that I'm aware of.  The first uses a wireless signal with a dongle that you plug into your USB port.  The second uses the popular Bluetooth Spec.

The Bluetooth wireless keyboards, popular with Macintosh machines, can use encryption to protect the contents in use during transit.  The major problem with Bluetooth is during the pairing phase, where a secret key is established.  Unfortunately, many manufacturers make this key 0000 or 1234, making it very easy to sniff a pairing session.  If weak encryption is used, it is probably easy to hack.  And, since typing usually sends 1 character at a time, it is probably an easier task to use plaintext encryption breaking techniques.  For example, if I know that you sent a particular email at a certain time, I can probably take my wireless capture of your keystrokes and correlate it to the same time period to help break the encryption.

Wireless keyboards that aren't using Bluetooth sometimes use common, non-encrypted, or weak-encrypted protocols.  These can be easier to hack than Bluetooth.  Here is a site with a demo video showing this technique.

http://www.remote-exploit.org/Keykeriki.html

So, I would steer clear of wireless keyboards for the most part.  That being said, physical security is just as important.  If I can access your machine when you aren't there, I can easily plug in a keylogger to your wired keyboard and steal your information that way.

Thanks,
ep