Do you have an opinion on the keyboard firmware ZMK? They seem to use LESC but MITM during pairing is still a concern: https://zmk.dev/docs/features/bluetooth

▲

ryukoposting 3 days ago | parent [-]

It's a keyboard, I wouldn't fret about it. The idea that someone is going to steal your keystrokes to get your passwords is pretty moustache-twirly.

I'm more concerned about card readers, medical devices, etc.

▲

wongarsu 3 days ago | parent | next [-]

I think we can safely assume that a device that does that for entire offices at once is in the NSA's current ANT catalog. And other state actors are probably not far behind

The only thing making these kinds of attacks unattractive is that most companies are too stingy to buy anything better than a cheap wired Logitech keyboard

	▲	3 days ago \| parent [-]
		[deleted]

▲

imglorp 3 days ago | parent | prev | next [-]

Isn't this kind of thing a trinket at Defcon these days like the pineapple thing, or even a Flipper plugin? Ie not super hard to get and not so much mustache.

	▲	ryukoposting 3 days ago \| parent [-]
		The problem isn't the technology, it's all the surrounding logistics and incentives. Why hack a thing that few people use, and that you must collect data from for several minutes/hours/days, when you could hack something equally insecure that more people use, and provides more valuable data in less time?

▲

amitprayal a day ago | parent | prev [-]

moustache-twirly implying highly improbable?