Mousejack Attacks Exploit Wireless Keyboards and Mice

msm1267 writes: Researchers have discovered a vulnerability in the USB devices that support wireless keyboards and mice that could put a countless number of devices at risk to attack. Seven manufacturers have been informed of the flaw, but as of today, only Logitech has produced a firmware update. Some have no update mechanism and can never be patched. The issue lies in the fact that some of the commands from the peripheral device to the dongle are not encrypted. Most do not authenticate packets and an attacker within close proximity and using a USB transmitting malicious packets over radio frequency can trick the victim's machine into accepting mouse clicks impersonating keystrokes. It would take a matter of seconds for the attacker's code to load a rootkit, malware or additional network access.

And that, ladies and gentlemen...

[Chris+Mattern]

...is why you should be using bluetooth instead of cheaping out. Saves a USB port, too!

Re:And that, ladies and gentlemen...

[wardrich86]

Saves a USB port, too!

But you'd need a Bluetooth dongle to get that connection... so you'd still be out a USB port. Not sure of many PC's that come with native Bluetooth support

No way

[the_skywise]

There's no way my wireless keyboard could ever be hacked in this fashion beca I MADE $125,000 YEAR BY USING THESE SIMPLE STEPS - CLICK HERE TO LEARN MORE http://888999444333.ze/?bypass...

Re:Load malware?

[wonkey_monkey]

Really? With just keystrokes and mouse moves?

Yup. Actually, just keystrokes - the summary's a bit confused on the subject, but the article says nothing about spoofing mouse moves and clicks - it does, however, say that in some cases an attacker can impersonate the mouse but use it to send keypress packets (the keyboards in question encrypt these, but the receiver accepts them unencrypted from the "mouse").

but it will most likely be slow and visible

Not necessarily. What if you want access to a computer you can see through a window (and verify that no-one is near), but is behind a locked door? Even if you can't see the screen, sending Win+R c m d [enter] and so on seems fairly doable.

High, actually. Re:Risk Level?

[Fencepost]

The risk from this could actually turn out to be really high - perhaps not to any individual system, but to an office environment. TFA includes "100 meters" and "a $15 USB dongle and 15 lines of Python code" which I could believe.

The issue is that if this can be a broadcast attack, it doesn't need to be successful any more than hacking an ad network needs 100% infection rates - if I can drive up outside a multi-story office building with a cheap adapter at the end of a USB extension cable (and perhaps an appropriate dish) and broadcast "Win-R http://attacksite.site/<Enter>", how many of the PCs in window offices will load that site which loads various exploits based on detection of the browser? This is even better than spearphishing because I don't have to worry about getting through email filters, and if I manage it right I know what company/companies I targeted at what time along with my trojan access to one or more computers within those offices.

Remember, this is injection of events, not 2-way communication. There's no handshaking or anything else.

I'm going to be keeping track of this and probably pushing some customers to eliminate or at least replace some cordless equipment - that was an agenda item before, but this can make it a high-priority agenda item.

Re:Bluetooth range

[mindwhip]

You tried to use 1600 bluetooth keyboards and mice in relatively close proximity (probably open plan/cubicle office) and are surprised they didn't work? you probably had them all networked using wifi at the same time as well...

Just buy a similar keyboard/mouse

[eth1]

I worked as a one-man IT dept for a small private school for a few years. Someone donated a bunch of wireless keyboard/mouse sets one year, which were used by several of the teachers (without my involvement).

Shortly afterwards, I started getting odd "OMG, my computer is infected" reports. Mouses were moving on their own, and random typing was appearing out of nowhere.

The ethernet jacks were usually on shared walls, which resulted in PCs ending up on opposite sides of the same wall (only 2-3 feet apart). Since the devices only had three channels, several of these pairs had ended up on the same one, with hilarity ensuing. :)

Re:Load malware?

[complete+loony]

Hack a computer just by typing? Absolutely.