top of page

A vulnerability known as MouseJack and how your wireless mouse could be at risk


If you use a computer at work, home or carry one to use with your laptop then you should be listening. There are some of us that still don't mind the mess of cables and peripherals running across our desk but more than likely you have a wireless mouse or keyboard. This is especially common when you are using one with a laptop, you can just connect your USB receiver and have the functionality and feel of a regular mouse instead of the touch pad. Quite frankly almost everyone should have one, Five Below sells wireless mice for $5. But did you know your wireless mouse is susceptible to being hacked due to a security vulnerability called, MouseJack?


The MouseJack vulnerability is a collection of security vulnerabilities that affects non-Bluetooth mice and keyboards. It was discovered by the Threat Research Team at Bastille, a security firm. It allows the attacker (hacker) to type commands into a person's computer from up to 100 meters away with the help of a $15 USB dongle. This is possible because most wireless input devices (keyboard and mouse) transmit over a radio frequency to the USB connected to your computer. These communications are not encrypted. But most vendors make sure the communications from the wireless keyboard are encrypted while the communications from the wireless mouse are not.



diagram of unencrypted mouse packet communication (Photo: MouseJack)


diagram of encrypted keyboard packet communication (Photo: MouseJack) So because the mouse communications are unencrypted, any packet can appear to be coming from the user's mouse when it's actually coming from the attacker's. (see the diagram below) But the MouseJack is a collection of vulnerabilities along with spoofing (pretending) to be the user's mouse, there is also Keyboard injection, spoofing of a keyboard (although most keyboards transmit the packets with encryption, it's not required on all USB dongles).

diagram of spoof attack (Photo: MouseJack)

MouseJack from Bastille on Vimeo. You can check to see if your device is affected here. There is a list and also points to if the issue has been addressed by the vendor. If you have a Logitech mouse, like me (that's mine in the photo) there is a firmware update available. For vendors that haven't responded yet, it is advised to switch to a wired one until one is made.



0 views0 comments

Comments


bottom of page