New wireless mouse vulnerability could let hackers to take over your computer

New wireless mouse vulnerability could let hackers to take over your computer

A Hacker Claims to be Selling 32m Twitter Accounts on the Dark Web
Hackers Hijacked Mark Zuckerberg’s Twitter and Pinterest Accounts
Highly Destructive Malware Led Ukraine to Face World’s First Blackout Caused by Hackers

Those who are using wireless mouse, I had a bad news for you. Security researchers found that a vulnerability in wireless mouse from popular manufactures could let hackers to take over the computer or gain access to a network within seconds.

Also Read : Best cybersecurity practices to prevent data breach in your oraganisation

Wireless Mouse Vulnerability Could Welcome Hackers To Your Computer

Marc Newlin and Balint Seeber, the pair working for Bastille, a startup cyber security company discovered security vulnerability, MouseJack.

The researchers are able to exploit the vulnerability and prove that hackers as far as 100 meters away  could potentially exploit the affected wireless mouse or keyboard and use it as a portal to potentially take over a computer, transfer files, insert malware, delete the contents, and even infiltrate a network.

How MouseJack Attack Works ?

Wireless mice from companies like HP, Lenovo, Amazon and Dell use unencrypted signals to communicate with computers.

“They haven’t encrypted the mouse traffic, that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer. This would be the same as if the attacker was sitting at your computer typing on the computer,” — said Newlin, a security researcher at Bastille.

A hacker uses an antenna, a wireless chip called a dongle, both available for the less USD $20, and a simple line of code to trick the wireless chip connected to the target computer into accepting it as a mouse.

Also Read : First Fully Functional Mac Ransomware Targeted Apple Users

“So the attacker can send data to the dongle, pretend it’s a mouse but say ‘actually I am a keyboard and please type these letters,” — Newlin said.

“If we sent unencrypted keyboard strokes as if we were a mouse it started typing on the computer, typing at a 1000 words per minute,” — Rouland said.

And at a thousand words a minute, the hacker can take over the computer or gain access to a network in seconds.

It was found that Bluetooth devices are not vulnerable to this type of attack.

Also Read : New Malicious Text Message Malware Can Erase Everything In Your Android Phone

To see MouseJack in action, checkout the video :

Unlike these earlier exploits which attacked the encryption schemes for dongle to keyboard communication, Mousejack shows that an attacker can entirely bypass a dongle’s encryption scheme and powerdrive keystrokes to the computer (Windows or Mac).

These keystrokes impersonate the user and thus have all the authority to steal data and damage local or network file systems that the logged-in user has.

Bastille adds that some of the larger companies with WiFi-based mice have since pushed out firmware updates to help prevent such hacks in the futurue.

Also Read : The best Linux distro for beginners