This is actually interesting from the perspective of fairness in e-sports. It's been rumoured that professional players could "cheat on LAN" by side-loading cheat software through modified hardware supplying custom 'drivers'.
If the hardware itself has vulnerabilities it could be used to mask the cheat loading and make it harder for the host PCs to detect if any of that side-loading is happening.
Anybody know of secure alternatives?
It seems these wireless keyboards are all made as cheaply as possible. Microsoft advertises "AES security" for their wireless keyboards and mice, with a pre-paried USB dongle. But since they run on 27 MHz via a custom USB dongle I assume it's a proprietary protocol (and therefore likely quite insecure). Bluetooth might be a bit better but still has limited range for conference-room use.
Requiring physical access to the keyboard by the attacker first, makes this less impactful.
With physical access the they keyboard/computer, they could plant any other number of devices/bugs or extract information.
> CVE-2019-13053, an attacker can inject any keyboard input into the encrypted radio traffic of the Unifying keyboards without knowing the crypto key used. To do this, the attacker only needs to have temporary access to the keyboard in order to press some keys.
or you know, ask the nice bank lady to type this "magic key combination" for you. Yes darling my name is little bobby tables.
>CVE-2019-13052 is not being addressed either. The attacker can decrypt the encrypted communication between the input devices if he has recorded the pairing process.
Oh dear, did the keyboard I am currently jamming stopped working? I have same model! my son/nephew told me you need to pair them. Ill just sit here patiently while you do that.