Use a wireless mouse? "Mousejacking" takes advantage of a flaw in many wireless USB dongles.
Use a wireless mouse? This $15 hack could compromise your laptop
"Mousejacking" takes advantage of a flaw in many wireless USB dongles.
By Sean Hollister February 23, 2016 4:55 PM PST
They broke in like it was nothing. They could have wiped my hard drive, stolen my files, or practically anything nefarious you can do with a computer.
All because I had a wireless mouse dongle plugged into my laptop. And all they needed was a simple antenna that costs as little as $15 at Amazon.
Thankfully, "they" were a pair of security researchers from a company called Bastille, and every company that builds wireless mice and keyboards has already been alerted to the issue. If you have a Logitech Unifying receiver, there's already a fix. (Here is a link to a patch provided to us by Logitech: RQR_012_005_00028.exe.)
But if not, you too might be vulnerable to this technique. They're calling it a "Mousejack."
What Bastille security researcher Marc Newlin discovered was this. If you can send out a wireless signal that pretends to be a wireless mouse, most wireless USB dongles will happily latch onto it -- no questions asked. Then, you can have that fake wireless mouse pretend to be a wireless keyboard -- and start controlling someone else's computer.
With a laptop and a cheap wireless USB antenna called a Crazyradio, Newlin found he could do that from up to 200 meters away. Of course, you can't easily see someone's laptop screen from that far out, but that doesn't mean the hack isn't dangerous. A sequence of keyboard shortcuts is enough to wipe a hard drive -- or open a browser, navigate to a website, download malware and install it on a computer.
Normally, wireless keyboards send encrypted signals, so hackers can't spoof them and take over your PC. But wireless mouse traffic isn't always encrypted, according to Chris Rouland, CTO and founder of Bastille, because peripheral manufacturers didn't think it was necessary. Many of the tiny USB dongles used to wirelessly connect mice and keyboards are always listening for a new mouse, and they'll transmit whatever Bastille's fake "mouse" tries to send.
According to Bastille, because so many of these dongles use the same wireless chip -- a Nordic Semiconductor part -- there could be millions upon millions of vulnerable devices out there. Many of the dongles that come with mice and keyboards from Logitech, Microsoft, Amazon, Dell, HP, Lenovo and Gigabyte are at risk. Here's a list of the affected devices that Bastille has found so far... https://www.bastille.net/affected-devices
Thankfully, the vulnerability doesn't affect Bluetooth devices, or USB wireless dongles that aren't actively in use. Even if you've got one of these dongles sticking out the side of your laptop, Newlin's antenna and program can't find it unless it can latch onto the wireless signal from your mouse.
Perhaps the worst part of the vulnerability is that many dongles can't be fixed. While Logitech Unifying devices have dongles that can be upgraded -- and Logitech tells us its other Nano dongles aren't affected -- Bastille says that others may be permanently vulnerable. A Lenovo spokesperson told us it believes the issue is limited to its Lenovo 500 wireless keyboards and mice, and while users can't update those themselves, Lenovo is ready to exchange them for ones with a newer, safer firmware version.
Dell tells us that owners of its KM632 and KM714 keyboard and mouse sets should call technical support, and told Forbes that though its KM714 keyboard and mouse will soon be updatable with the same Logitech patch, other devices may need to be swapped out. Microsoft tells us it will investigate the issue and "provide resolution as soon as possible." We also reached out to HP, Amazon and Gigabyte but have yet to receive a reply.
The fact that Logitech Unifying dongles are upgradable could be a mixed blessing, because Rouland believes that hackers could also theoretically use them as transmitters. Hack one dongle, turn it into a transmitter to hack any others it sees. Suddenly, you've got a virus on your hands.
Here's the device that Newlin used to break into my laptop... http://www.amazon.com/gp/product/B014O8D7D0?keywords=Crazyradio%20PA&qid=1456263761&ref_=sr_1_fkmr0_2&sr=8-2-fkmr0&tag=cnet-viglink-20
It costs $12. All he had to do was hook it up to his laptop, write 15 lines of Python code, and wait for me to move my mouse. If you see someone using one of those at your local coffee shop -- or in your workplace -- be warned.
Update, 10:48 p.m. PT: Crazyradio prices on Amazon have jumped significantly in the hours since we published this story.