mattdibi / redox-w-firmware

Firmware for nordic MCUs used in the Redox wireless keyboard
MIT License
77 stars 42 forks source link

Keyboard hijacking and monitoring caused by hard coding channel table and gzll base address. #27

Open sealpp opened 2 years ago

sealpp commented 2 years ago

Hey there.

I made 2 set of keyboards. When I using them, I find that the two keyboards will interfere with each other when they work at the same time. After further testing, I found that the cause of this problem is hard coding at:

Not only the interference between keyboards, but also serious security problems:

I think the address and channel should be determined according to user input, and users should be informed of certain security risks.

mattdibi commented 2 years ago

Hi there, everything you reported is indeed correct and already brought to my attention here and other multiple occasions.

I think the address and channel should be determined according to user input

It is in the form of the hardcoded addresses you linked.

users should be informed of certain security risks.

This is an area that needs improvement for sure. I'll try to update the main docs ASAP.