http://dx.doi.org/10.7840/kics.2017.42.1.233

A Study on Development of Attack System on the 2.4 GHz AES Wireless Keyboard  

Lee, Ji-Woo (Kookmin University Department of Mathematics)
Sim, Bo-Yeon (Kookmin University Department of Mathematics)
Park, Aesun (Kookmin University Department of Financial Information Security)
Han, Dong-Guk (Kookmin University Department of Mathematics)
Abstract
With the recent rise in the use of wireless keyboards and mice, attacks have been reported that capture a user's input or remotely control the user's computer by exploiting physical vulnerabilities in the wireless communication. In particular, MouseJack, announced by Bastille Network, attacks 2.4 GHz wireless keyboards and mice by exploiting vulnerabilities in each manufacturer's receiver. Unlike other attacks that have been disclosed, it makes attacks on AES wireless keyboards possible. However, only a brief overview of the attack is available, with no detailed information on the attack method. In this paper, we therefore analyze the Microsoft 2.4 GHz wireless mouse packet and propose a way to set the packet configuration for HID packet injection that simulates a wireless mouse. We also develop a 2.4 GHz AES wireless keyboard HID packet injection system using the proposed packet and demonstrate experimentally that HID packet injection is possible with the system we built.
Keywords
AES wireless keyboard; wireless mouse; MouseJack; HID Packet Injection; USB receiver;