A Study on Development of Attack System on the 2.4 GHz AES Wireless Keyboard

  • Lee, Ji-Woo (Kookmin University Department of Mathematics)
  • Sim, Bo-Yeon (Kookmin University Department of Mathematics)
  • Park, Aesun (Kookmin University Department of Financial Information Security)
  • Han, Dong-Guk (Kookmin University Department of Mathematics)
  • Received : 2016.11.01
  • Accepted : 2016.12.06
  • Published : 2017.01.31

Abstract

With the recent rise in the use of wireless keyboards and mice, attacks have been reported that exploit physical vulnerabilities in the wireless communication to steal a user's input or to control the user's computer remotely. In particular, MouseJack, announced by Bastille Network, attacks 2.4 GHz wireless keyboards and mice by exploiting vulnerabilities in each manufacturer's receiver. Unlike previously disclosed attacks, it can target AES-encrypted wireless keyboards. However, only a brief overview of the attack has been published, with no detailed information on the attack method. In this paper, we therefore analyze the Microsoft 2.4 GHz wireless mouse packet and propose a packet configuration for HID packet injection that simulates a wireless mouse. We also build a 2.4 GHz AES wireless keyboard HID packet injection system using the proposed packet and demonstrate experimentally that HID packet injection is possible with the system we built.
