Mousejack Attacks Exploit Wireless Keyboards and Mice

msm1267 writes: Researchers have discovered a vulnerability in the USB devices that support wireless keyboards and mice that could put a countless number of devices at risk to attack. Seven manufacturers have been informed of the flaw, but as of today, only Logitech has produced a firmware update. Some have no update mechanism and can never be patched. The issue lies in the fact that some of the commands from the peripheral device to the dongle are not encrypted. Most do not authenticate packets and an attacker within close proximity and using a USB transmitting malicious packets over radio frequency can trick the victim's machine into accepting mouse clicks impersonating keystrokes. It would take a matter of seconds for the attacker's code to load a rootkit, malware or additional network access.

Re:Load malware?

[wonkey_monkey]

Really? With just keystrokes and mouse moves?

Yup. Actually, just keystrokes - the summary's a bit confused on the subject, but the article says nothing about spoofing mouse moves and clicks - it does, however, say that in some cases an attacker can impersonate the mouse but use it to send keypress packets (the keyboards in question encrypt these, but the receiver accepts them unencrypted from the "mouse").

but it will most likely be slow and visible

Not necessarily. What if you want access to a computer you can see through a window (and verify that no-one is near), but is behind a locked door? Even if you can't see the screen, sending Win+R c m d [enter] and so on seems fairly doable.

High, actually. Re:Risk Level?

[Fencepost]

The risk from this could actually turn out to be really high - perhaps not to any individual system, but to an office environment. TFA includes "100 meters" and "a $15 USB dongle and 15 lines of Python code" which I could believe.

The issue is that if this can be a broadcast attack, it doesn't need to be successful any more than hacking an ad network needs 100% infection rates - if I can drive up outside a multi-story office building with a cheap adapter at the end of a USB extension cable (and perhaps an appropriate dish) and broadcast "Win-R http://attacksite.site/<Enter>", how many of the PCs in window offices will load that site which loads various exploits based on detection of the browser? This is even better than spearphishing because I don't have to worry about getting through email filters, and if I manage it right I know what company/companies I targeted at what time along with my trojan access to one or more computers within those offices.

Remember, this is injection of events, not 2-way communication. There's no handshaking or anything else.

I'm going to be keeping track of this and probably pushing some customers to eliminate or at least replace some cordless equipment - that was an agenda item before, but this can make it a high-priority agenda item.

Re:Load malware?

[complete+loony]

Hack a computer just by typing? Absolutely.