Hijacking Wireless Mouse & Keyboard

Many wireless keyboard and mouse are vulnerable to hijacking where an attacker from 100 yards away can hijack your wireless keyboard and mouse.

The attack, which is being called MouseJack, affects Amazon, Dell, Gigabyte, HP, Lenovo, Logitech, Microsoft products,  and likely more vendors’ gear that they haven’t tested. Logitech alone shipped its billionth mouse in 2008, so the problem is widespread.

Startup Company Bastille,  is testing a system which consists of radio-frequency sensors that gather data about radio traffic in the enterprise and a cloud-based analysis engine that figures out what traffic represents a threat, says company founder and CEO Chris Rouland.

This attack can be elaborate as an employee could bring their personal Android phone to work that is infected with malware that tries to connect to network devices via Bluetooth and compromise them. But with no management client on the phone the enterprise would have no way to find out about the threat, Bastille CEO Chris Rouland says.

Some of the companies are issuing patches and workarounds or promising to.

The weakness lies in the protocols used between the devices and the USB wireless receivers attached to host computers, says Mark Newlin, the Bastille researcher who discovered the vulnerability. They are unencrypted, leaving the devices susceptible to keystroke injection attacks.

He says he carried out successful MouseJack attacks with the victim machine separated from the attacking machine by walls and windows.

Attackers could write scripts that fire off malware to be uploaded to the target that allows any number of further attacks, Newlin says, or to access resources the user’s login authorizes.

These devices use chips made by Nordic Semiconductor, some that support encryption and some that don’t. Newlin says those that do can be patched to implement the encryption. The others would have to be removed from the host machine when the keyboard and mouse are not in use and the machine is turned on and unattended.

In response to an email about the vulnerability Microsoft sent this statement via its PR firm: “Microsoft has a customer commitment to investigate reported security issues, and will proactively update impacted devices as soon as possible.”

Logitech called the vulnerability “a difficult and unlikely path of attack,” but also issued a patch for it. “To our knowledge, we have never been contacted by any consumer with such an issue,” says Asif Ahsan, senior director of engineering for the company.

Bastille makes radio-frequency sensors that scan traffic from 50MHz to 6GHz to recognize gadgets that are inside of an enterprise’s “environment” so security professionals can be on alarm for any attack they may start. The organization’s organizer and CEO Chris Rouland says a representative’s telephone, for instance, could be contaminated with malware that could conceivably harm the corporate system. For instance, it could search out Bluetooth connected with organized gadgets and endeavor to interface with the system that approach to do robbery or to harm the system itself.


How does it work?


Manish Dangol

Leave a Reply

Your email address will not be published. Required fields are marked *