Those who are using wireless mouse, I had a bad news for you. Security researchers found that a vulnerability in wireless mouse from popular manufactures could let hackers to take over the computer or gain access to a network within seconds.
Wireless Mouse Vulnerability Could Welcome Hackers To Your Computer
Marc Newlin and Balint Seeber, the pair working for Bastille, a startup cyber security company discovered security vulnerability, MouseJack.
The researchers are able to exploit the vulnerability and prove that hackers as far as 100 meters away could potentially exploit the affected wireless mouse or keyboard and use it as a portal to potentially take over a computer, transfer files, insert malware, delete the contents, and even infiltrate a network.
How MouseJack Attack Works ?
Wireless mice from companies like HP, Lenovo, Amazon and Dell use unencrypted signals to communicate with computers.
“They haven’t encrypted the mouse traffic, that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer. This would be the same as if the attacker was sitting at your computer typing on the computer,” — said Newlin, a security researcher at Bastille.
A hacker uses an antenna, a wireless chip called a dongle, both available for the less USD $20, and a simple line of code to trick the wireless chip connected to the target computer into accepting it as a mouse.
“So the attacker can send data to the dongle, pretend it’s a mouse but say ‘actually I am a keyboard and please type these letters,” — Newlin said.
“If we sent unencrypted keyboard strokes as if we were a mouse it started typing on the computer, typing at a 1000 words per minute,” — Rouland said.
And at a thousand words a minute, the hacker can take over the computer or gain access to a network in seconds.
It was found that Bluetooth devices are not vulnerable to this type of attack.
To see MouseJack in action, checkout the video :
Unlike these earlier exploits which attacked the encryption schemes for dongle to keyboard communication, Mousejack shows that an attacker can entirely bypass a dongle’s encryption scheme and powerdrive keystrokes to the computer (Windows or Mac).
These keystrokes impersonate the user and thus have all the authority to steal data and damage local or network file systems that the logged-in user has.
Bastille adds that some of the larger companies with WiFi-based mice have since pushed out firmware updates to help prevent such hacks in the futurue.
Also Read : The best Linux distro for beginners