Your wireless mouse and keyboard may be exposing your computer to cyber attacks. In under a minute, attackers can gain access to your computer—or even an entire network—by exploiting a worryingly common oversight.
The cybersecurity start-up Bastille Networks has discovered a vulnerability in non-bluetooth wireless mice and keyboards. The security flaw, nicknamed “Mousejack,” can allow remote entry onto PC’s, Macs, and Linux machines by “injecting unencrypted keystrokes” through the radio transceivers of these wireless devices.
Bastille Networks, founded in 2014 by Chris Rouland, specializes in detecting and mitigating threats from the Internet of Things (IoT).
Using a device that transmits specialized radio signals, hackers can fool the transceiver—usually USB dongles—into processing the hacker’s transmitted keystrokes as if they were being typed by the victim themselves. Through this, remarks Bastille, attackers can control the target computer as if they were “sitting in front of the machine, and executing commands from the victim’s own mouse and keyboard.”
Bastille notes that the devices utilized to transmit the radio signals can cost as little as $15.
This vulnerability has been shown to be exploitable from at least 100 m (around 328 ft) away, and allows for take full control of the victim’s computer, “as if the attacker was sitting in front of the machine, and executing commands from the victim’s own mouse and keyboard.”
Experienced cyber criminals can steal data and files, copy, install, and delete programs, and compromise entire networks in a matter of minutes by Mousejacking.
— Marc Newlin (@marcnewlin) March 17, 2016
A team of five Bastille research engineers discovered the flaw. “Mousejack is essentially a door to the host computer,” said one of the researchers, Marc Newlin. “Wireless mice and keyboards are the most common accessories for PC’s today, and we have found a way to take over billions of them.”
The affected dongle devices are produced by a number of major companies, such as Dell, HP, Lenovo, Logitech, Microsoft, and others, but Bastille believes most wireless keyboards and mice are susceptible. Bastille recommends unplugging your wireless mouse or keyboard until you can confirm they are safe.
For more information regarding the Mousejack security flaw, check out the video below.