Mousejack Attacks Exploit Wireless Keyboards and Mice

msm1267 writes: Researchers have discovered a vulnerability in the USB devices that support wireless keyboards and mice that could put a countless number of devices at risk to attack. Seven manufacturers have been informed of the flaw, but as of today, only Logitech has produced a firmware update. Some have no update mechanism and can never be patched. The issue lies in the fact that some of the commands from the peripheral device to the dongle are not encrypted. Most do not authenticate packets and an attacker within close proximity and using a USB transmitting malicious packets over radio frequency can trick the victim's machine into accepting mouse clicks impersonating keystrokes. It would take a matter of seconds for the attacker's code to load a rootkit, malware or additional network access.

No way

[the_skywise]

There's no way my wireless keyboard could ever be hacked in this fashion beca I MADE $125,000 YEAR BY USING THESE SIMPLE STEPS - CLICK HERE TO LEARN MORE http://888999444333.ze/?bypass...

Re:And that, ladies and gentlemen...

[wardrich86]

Saves a USB port, too!

But you'd need a Bluetooth dongle to get that connection... so you'd still be out a USB port. Not sure of many PC's that come with native Bluetooth support

High, actually. Re:Risk Level?

[Fencepost]

The risk from this could actually turn out to be really high - perhaps not to any individual system, but to an office environment. TFA includes "100 meters" and "a $15 USB dongle and 15 lines of Python code" which I could believe.

The issue is that if this can be a broadcast attack, it doesn't need to be successful any more than hacking an ad network needs 100% infection rates - if I can drive up outside a multi-story office building with a cheap adapter at the end of a USB extension cable (and perhaps an appropriate dish) and broadcast "Win-R http://attacksite.site/<Enter>", how many of the PCs in window offices will load that site which loads various exploits based on detection of the browser? This is even better than spearphishing because I don't have to worry about getting through email filters, and if I manage it right I know what company/companies I targeted at what time along with my trojan access to one or more computers within those offices.

Remember, this is injection of events, not 2-way communication. There's no handshaking or anything else.

I'm going to be keeping track of this and probably pushing some customers to eliminate or at least replace some cordless equipment - that was an agenda item before, but this can make it a high-priority agenda item.

Re:Bluetooth range

[mindwhip]

You tried to use 1600 bluetooth keyboards and mice in relatively close proximity (probably open plan/cubicle office) and are surprised they didn't work? you probably had them all networked using wifi at the same time as well...