by chmars 4440 days ago
… or get a wireless keyboard with Bluetooth – it should be safe enough.

If you get an Ubertooth http://ubertooth.sourceforge.net/ you can sniff Bluetooth as well. If you use the default PIN (0000 or 1234) then it's possible to decrypt the signal. Here's an overview of how feasible decryption is: http://css.csail.mit.edu/6.858/2012/projects/echai-bendorff-...

Also, Bluetooth LE provides no eavesdropping protection. If an attacker can capture the pairing frames, they may be able to determine the "long-term key". Here's the NIST guidance paper on Bluetooth security: http://www.nist.gov/customcf/get_pdf.cfm?pub_id=911133

The attack surface can be minimized if the keyboard manufacturer implements crypto properly, requires encryption at the protocol level, uses a long and complex PIN, etc. The manufacturer with the best reputation right now is Microsoft. They got burned pretty hard when their proprietary wireless encryption was hacked back in 2007, and it looks like their Bluetooth keyboards are doing everything right.

> Also, Bluetooth LE provides no eavesdropping protection. If an attacker can capture the pairing frames, they may be able to determine the "long-term key"

There's a practical attack for that, and it's quick. It also uses Ubertooth[1].

For all Bluetooth keyboards that I've seen in the past ~5 years, the pairing process uses one of the "Secure Simple Pairing" modes. None of these have been broken, although "Just Works" is probably vulnerable. The keyboards that I've seen use the "enter a 6 digit number" mode, which is not susceptible to man in the middle attacks that have been used against Bluetooth keyboards before[2].

Disclosure: I work on the Ubertooth and related projects.

[1] https://www.usenix.org/conference/woot13/workshop-program/pr...

[2] https://www.youtube.com/watch?v=X0RUN6SB6c8

I haven't seen many keyboards that seemed secure, but now that you mention it, they are pretty old. Thanks for the update :)
(As a side note) Seeing the comment on acoustic fingerprinting, I guess it applies to wireless keyboards as well - even if the exact keycodes could be securely encrypted, keypress timing data, paired with finger movement model and typist habits analysis, would probably still leak information on what's typed.
Thanks for sharing your knowledge!

Is anything known about the security of Apple's current Bluetooth keyboard?