Yo everyone! I have questions about using cheap and generic mechanical keyboards. For example the Royal Kludge RK61 which has wired, Bluetooth and 2.4GHz connections. My host will be Linux machines. Do you see any security issues with using keyboards like that or were there any incidents of such devices being malicious?
Another concern might be the 2.4GHz USB that’s included. Assuming it’s not doing anything malicious is the connection encrypted or would you always instead use wired or Bluetooth? Thanks for any answers!
The boring answer is that you should always be cautious about any device that you use with your computer.
Any device you plug into your computer, if malicious, can cause all manner of issues. From outright bricking your mobo to injecting malware. This is why you should never plug an unknown usb drive you find into your computer. Any keyboard is vulnerable to keyloggers and other snooping techniques.
With that said, is it likely? No, not really. It’s quite difficult for a keyboard to phone home unless it’s quite sophisticated, also you’re on Linux, most malware is for windows anyway. I’ve not really heard of this type of attack being used against individuals.
To be honest you’re probably not a target! If you work somewhere that a bad actor may want to target (the government, the power grid, military, a bank etc) and you want to use the keyboard with a work device or on the same network, then yes you should only use devices your IT team have approved to be safe. Otherwise for you at home, who isn’t being targeted by state level adversaries, a keyboard off the internet is probably fine.
Thanks for your answer! In a busy city, would you only used wired connection to it? Bluetooth is encrypted and probably fine too. Any thoughts on the included 2.4GHz dongle?
Wired is safer (if you trust the device), Bluetooth would be my next choice. But if someone really wants to know what you’re typing, they probably can with appropriate resources. There will be all sorts of vulnerabilities they can exploit to know what you’re up to. See the “Gloworm” attack for something interesting. As a private citizen there is more to life than being paranoid about such things. Nobody cares enough about you to listen into your keyboard’s Bluetooth connection! So any of those methods is probably fine.
Conversely if you’re into something that you think powerful, well resourced, motivated people may care about, then you shouldn’t be taking advice from strangers on the internet like me! Also don’t forget, if someone wants something e.g. your bank details, it’s easier to just hit you with a baseball bat until you tell them, then it is to set up a snooping operation.
It’s a 2.4ghz Dongle… It’s plenty safe. I can’t think of the last time I’ve heard of someone using a 2.4ghz Dongle to attack someone’s computer.
deleted by creator
I’ve heard that Irok keyboards have a macro that launches a file download and firewall access. They shockingly inexpensive when you consider how well they’re built - I’ve seen quite a few Youtube and TikTok videos about how they are really quite good BUT the macro thing is unnerving.
Completely anecdotal, but I’d expect something like Royal Kludge to be safely connected. It is cheaper from mechanical keyboard point of view but not like the really cheap membrane boards that are probably more like to have these connection risks - I’ve seen a many in an old office that would connect to dongles in other machines.
Ive been eyeballing a rk61, what makes you feel it would be safely connected?
Short answer: yes, I’m always paranoid 😅.
I haven’t looked into wireless protocols, but I remember reading something about attacks on Microsoft wireless keyboards because they no or minimal security. At home I’d feel safe-ish but if you’re gonna use a wireless keyboard in public, it’s probably worth looking if the wireless protocol you’re using has some kind of encryption.
There’s also the possibility of the USB dongle being malicious. It could contain malware I guess. I’m definitely outside what I know here, but I assume it would show up as a flash drive if it were trying to do something weird.
