Gee, it sounds like something out of one of those 1970s TV shows about government spies, but it’s reality: Plug this little thing into a wall socket and it records the keystrokes of a person nearby typing into a Microsoft wireless keyboard. The little gadget sends the information back to the gadget’s owner over the Internet.
An article on threatpost.com explains that KeySweeper can alert its operator when keystrokes spell out something that the thief-operator would be interested in, such as a bank’s website address. The device continues working even when removed from the wall socket.
As for making a KeySweeper, Kamkar says that it’s not wise for a person without strong knowledge of electrical things to attempt to construct one.
To remain as inconspicuous as possible, the KeySweeper relies upon low profile hardware and very low power. It can also be powered by a battery because it’s installed inside a USB wall charger. So if you unplug the device (and thus disconnect it from A/C power), KeySweeper is still going, relying on its battery inside.
And if you think that KeySweeper is difficult to detect, you’re correct. It could be sitting in someone’s lap one table over from you at the Internet cafe and recording your keystrokes.
Your only protection then would be to use a keyboard that requires an electrical cord, or, a wireless one that’s not from Microsoft. Kamkar’s device works only with Microsoft because of the technological compatibility that Microsoft’s wireless keyboards have with the gadget. It is likely however that devices such as this will become more common and will also work with other keyboards.
So how do you protect yourself? Seems difficult if not impossible. One way would be to reduce the amount of data that could be exposed. The most sensitive data is generally passwords and credit card data. A password manager will enter all this data for you and not require keystrokes. This is the most effective and secure “autofill” available that bypasses keystrokes.