A security researcher claims to have developed a USB wall charger that can eavesdrop on almost any wireless Microsoft keyboard, VentureBeat is reporting — and he's released instructions on how to build it online.

The device, called the KeySweeper, masquerades as a working USB wall charger. However, it secretly monitors any Microsoft wireless keyboards within range and "passively sniffs, decrypts, logs and reports back" everything typed on them, its creator alleges. It could be used to record passwords and bank details, or capture confidential documents as they're being typed.

The KeySweeper is also a fully-functional USB charger Samy Kamkar The security flaw has been highlighted by Samy Kamkar, a security researcher and entrepreneur who has previously flagged up issues with Parrot drones, illicit smartphone tracking and the PHP programming language. The device can be built for as little as $10, with optional features including sending SMS alerts when keywords are entered, and an internal rechargeable battery — meaning the device can keep logging keystrokes even when unplugged.

Microsoft wireless keyboards encrypt their data before sending it wirelessly, but Kamkar claims to have discovered multiple bugs that make it easy to decrypt. The researcher hasn't tested it on every Microsoft wireless keyboard, but he believes that due to similarities between them, they will all be affected.

A Microsoft spokesperson told VentureBeat that they "are aware of reports about a 'KeySweeper' device and are investigating."

Kamkar hasn't just highlighted the vulnerability — he's released detailed instructions on how to build the device on GitHub. He's also produced a half-hour video on KeySweeper, which you can watch below:

A spokesperson from Microsoft told us that the vulnerability only affects keyboards using pre-2011 designs, because more recent ones "use Advanced Encryption Standard (AES) technology." However, Samy told TechCrunch that affected keyboards are still on sale. "The vulnerable keyboards are *still* being manufactured and sold today, even from Microsoft's own web site and major retailers like Best Buy," he said. "I purchased the vulnerable keyboard brand new from Best Buy just last month, and the date next to the serial number says '07/2014.'"