Slashdot Mirror

← Back to Stories (view on slashdot.org)

Optional Windows Update Aims To Halt Wireless Mouse Hijacking

Posted by msmash on from the improved-security dept.

Reader itwbennett writes: An optional Windows patch released Tuesday protects against an attack, dubbed MouseJack that affects wireless mice and keyboards from many manufacturers, including Microsoft and allows attackers to spoof a wireless mouse from up to 100 meters away and send rogue keystrokes instead of clicks to a computer. According to a Microsoft security advisory, the devices affected by this attack are: Sculpt Ergonomic mouse, Sculpt Mobile Mouse, Wireless Mobile Mouse 3000 v2.0, Wireless Mobile Mouse 3500, Wireless Mobile Mouse 4000, Wireless Mouse 1000, Wireless Mouse 2000, Wireless Mouse 5000 and Arc Touch Mouse. But Marc Newlin, one of the researchers who developed the attack said on Twitter that the patch doesn't go far enough and 'injection still works against MS Sculpt Ergonomic Mouse and non-MS mice.'

2 of 25 comments (clear)

  1. TFA devoid of detail by AmiMoJo · · Score: 2

    From what I can gather without any real detail in the rather useless article Microsoft are looking for timing discrepancies to try to detect this attack. Normally packets come in at regular intervals, so if one comes outside the regularly expected window it is considered malicious. There must be some clever filtering because the clock on the keyboard/mouse will drift in relation to the computer etc.

    This could be overcome by simply replicating the timing of the keyboard/mouse. They don't transmit constantly to save battery power, only when a key is pressed or the mouse is moved.

    Anyone know if Bluetooth keyboards are vulnerable?

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    1. Re:TFA devoid of detail by tlhIngan · · Score: 3, Informative

      From what I can gather without any real detail in the rather useless article Microsoft are looking for timing discrepancies to try to detect this attack. Normally packets come in at regular intervals, so if one comes outside the regularly expected window it is considered malicious. There must be some clever filtering because the clock on the keyboard/mouse will drift in relation to the computer etc.

      This could be overcome by simply replicating the timing of the keyboard/mouse. They don't transmit constantly to save battery power, only when a key is pressed or the mouse is moved.

      Anyone know if Bluetooth keyboards are vulnerable?

      It's based on a hack to get additional keyboards and mice paired with your computer. It's because there are flaws in the way Logitech, Microsoft and many other wireless products add devices to their receivers and synchronize them. So Microsoft's patch, which is only for their products because they don't know how Logitech's or others work, is to basically examining the timing of the packets to make sure the vulnerability isn't being exploited.

      It's a device-add attack - the attacker is trying to add their keyboard and mouse to your computer remotely so they can control it. That's what the driver is looking for.

      Bluetooth keyboards may be vulnerable too, depending on how they do their pairing. But in general it's a lot less problematic because a Bluetooth keyboard requires OS support to pair and OS drivers to handle the input. The non-Bluetooth wireless devices use the dongle to emulate a standard HID device and do all their pairing internally.

      This is why you can use those keyboards during boot or with multiple OSes, whereas Bluetooth ones can't be used during boot (except for say, Macs) and if you dual/triple/etc boot, you have to re-pair the keyboard all the itme.

      If it is possible to negotiate rogue key/mouse input (which presumably requires proper communication between the rogue keyboard/mouse and the target device), then would it not also be possible to capture the data from the real keyboard/mouse? And in that case, it would seem quite possible, then, to steal keystrokes/mouse movements -- say during someone's login.

      No, the hack is to add keyboards and mice to your PC. Wireless communications for keyboard sand mice are generally encrypted (including Bluetooth) to prevent capturing of keystrokes and mouse movements

      Once the attacker has added their keyboard and mouse to your PC, they can then do anything - install malware, etc to then get your passwords and information, or to get access to your PC remotely.