Security vulnerabilities in wireless devices can be exploited by hackers, but what about mousejacking wireless mice and hijacking wireless keyboards? According to a team of security researchers at Bastille, an IoT security start-up, the devices can be hijacked and used by hackers to steal data or compromise a network. Furthermore, in many cases the devices can be hijacked from up to 330 feet away. That’s far enough away for a hacker to be able to sit in his or her car outside a building and force a user to download malware. All a hacker is likely to need is about $15 of very readily accessible hardware, say the researchers.

Mousejacking – A New Concern for Security Professionals

Bastille’s researchers looked at wireless mice and keyboards from major device manufacturers such as Logitech, Microsoft, Lenovo, HP, and Gigabyte. Since the researchers alerted the manufacturers to the risk of mousejacking and keyboard-jacking, some have released patches to address the vulnerabilities. For others, no patches have yet been developed, leaving the devices vulnerable to attack. The problem does not appear to affect Bluetooth devices, but all other mice and keyboards that use a wireless dongle are potentially vulnerable.

With basic hardware, including a software-defined radio, a hacker could scan for the frequencies used by wireless devices and identify targets. Once a target was identified, forged packets could be transmitted to the address of the target.

While traffic sent between a wireless keyboard or mouse and the device’s dongle is encrypted, the dongle can still accept unencrypted commands, provided those keystrokes or clicks appear to come from its accompanying wireless mouse or keyboard. The researchers were able to inject keystrokes by sending unencrypted packets to the dongle that is paired with the wireless device.
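The receiver-side flaw described above, as an added example that is not Bastille's or any vendor's code: a toy model of a dongle's frame handling in which an HMAC tag and a counter stand in for the link encryption. The frame layout, address, key and all names are constructed assumptions; the model contrasts a dongle that passes unprotected frames from the paired address to the host with one that drops them.

```python
import hashlib
import hmac
from dataclasses import dataclass

# All values below are constructed for illustration, not taken from any real device.
PAIRED_ADDR = bytes.fromhex("a1b2c3d4e5")   # address the dongle learned at pairing
LINK_KEY = b"constructed-pairing-key"       # secret shared with the paired keyboard
KEYSTROKE = 0x01                            # hypothetical frame type

@dataclass
class Frame:
    addr: bytes
    ftype: int
    payload: bytes
    counter: int = 0
    tag: bytes = b""    # empty tag models a frame sent without link protection

def seal(ftype, payload, counter):
    """Frame as the paired keyboard sends it: bound to the link key and a counter."""
    msg = PAIRED_ADDR + bytes([ftype]) + counter.to_bytes(4, "big") + payload
    tag = hmac.new(LINK_KEY, msg, hashlib.sha256).digest()[:8]
    return Frame(PAIRED_ADDR, ftype, payload, counter, tag)

class Dongle:
    def __init__(self, require_protected):
        self.require_protected = require_protected
        self.last_counter = -1
        self.hid_events = []    # what gets passed to the host as input

    def receive(self, f):
        if f.addr != PAIRED_ADDR:
            return "drop: unknown address"
        if f.tag:
            expected = seal(f.ftype, f.payload, f.counter).tag
            if not hmac.compare_digest(expected, f.tag):
                return "drop: bad tag"
            if f.counter <= self.last_counter:
                return "drop: replay"
            self.last_counter = f.counter
        elif self.require_protected:
            return "drop: unprotected frame"    # the check the flawed dongle lacks
        self.hid_events.append((f.ftype, f.payload))
        return "accept"

def demo():
    legit = seal(KEYSTROKE, b"\x04", counter=1)
    spoofed = Frame(PAIRED_ADDR, KEYSTROKE, b"\x04")    # right address, no key
    duts = {"vulnerable": Dongle(False), "hardened": Dongle(True)}
    return {n: [d.receive(f) for f in (legit, spoofed, legit)] for n, d in duts.items()}
```

In the model, matching the paired address is enough for the first dongle to forward input to the host, while the second only forwards frames that prove knowledge of the pairing key.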

Mousejacking could potentially be used to download malware onto devices. Bastille software engineer Marc Newlin has also hypothesized that the flaw could be used by a hacker to set up a wireless hotspot on the device. That hotspot could then be used to exfiltrate data, even in the absence of a network connection. A command window could also be opened on the device and a network vulnerability introduced, or a rootkit could be installed.

Logitech has already issued a patch. Lenovo has addressed the vulnerability for all new devices, but its patch must be installed at the time of manufacture and cannot be applied to existing devices. Microsoft is looking into the reported vulnerability, but a patch has not yet been issued. Some Dell devices can also be patched, but not all.

While a mousejacking attack would be complicated and difficult to pull off outside of a controlled environment, a skilled hacker in close proximity to a device could potentially conduct one. Since mousejacking can be used up to 330 feet away from the device, that individual would not even need to be in the building.