The following devices have been tested and are vulnerable to a MouseJack keystroke injection attack (specifically vulnerabilities that pertain to Bastille Threat Research Team Tracking Number #1-7, 9 & 12). To help determine whether you have an affected device connected to your system, please compare the following screenshots against your computer. Hardware information screens are provided for Windows, OS X and Linux for each USB dongle:
| Vendor | Affected Devices | Advisory | Vendor Response | USB ID Screenshots |
|---|---|---|---|---|
| AmazonBasics | Wireless Mouse MG-0975 USB dongle RG-0976 (USB ID 04f2:0976)) | #7 HID Packet Injection | ||
| Dell | Dell KM714 Wireless Keyboard and Mouse Combo KM714 USB dongle (USB ID 046d:c52b) KM632 Wireless Mouse USB dongle (USB ID 413c:2501) | #1 Force Pairing #2 Keystroke Injection #3 Fake Mouse #7 HID Packet Injection #11 Unencrypted Keystroke Injection Fix Bypass | Statement | |
| Gigabyte | K7600 wireless keyboardUSB dongle (USB ID 04b4:0060) | #6 Packet Injection | ||
| HP | Wireless Elite v2 keyboardElite USB dongle (USB ID 03f0:d407) | #5 HID Packet Injection | ||
| Lenovo | 500 Wireless Mouse (MS-436)500 USB Dongle (USB ID 17ef:6071) | #9 HID Packet Injection | LEN-4292 | |
| Logitech | K360K400rK750K830Unifying dongle (USB ID 046d:c52b)Tested firmware versions:012.001.00019012.003.00025 | #1 Force Pairing#2 Keystroke Injection#3 Fake Mouse | Firmware Update(With above update, #1, #2 & #3 are solved.) | |
| Logitech (update) | K400rLogitech Unifying Dongles C-U0007 (FW ver 012.005.00028) & C-U0008 (FW ver 024.003.00027) (both USB ID 046d:c52b)Logitech G900Logitech G900 dongle C-U0008 (USB ID 046d:c539) | #11 Unencrypted Keystroke Injection Fix Bypass#12 Unencrypted Keystroke Injection#16 Malicious Macro ProgrammingPlease note: these products also affected by KeyJack. | Firmware Update(With above update, #11 & #12 are solved.) | |
| Microsoft | Sculpt Ergonomic mouseWireless Mobile Mouse 4000Microsoft Wireless Mouse 50002.4GHz Transceiver v7.0 (USB ID 045e:0745)USB dongle model 1496 (USB ID 045e:07b2)USB dongle model 1461 (USB ID 045e:07a5) | #4 HID Packet Injection | 3152550Note: Mice part of a combo set are still vulnerable. | |
Note: links were updated in 2016 at time of discovery—vendors may change links without alerting us
Also covered in our advisories is a Denial-Of-Service vulnerability (Bastille Threat Research Team Tracking Number #8), which affects the following hardware:
| Vendor | Affected Devices | Advisory (with Tracking #) |
|---|---|---|
| Lenovo | N700 MouseN700 USB dongle (USB ID 17ef:6060)Ultraslim KeyboardUltraslim MouseUltraslim USB dongle (USB ID 17ef:6032)Ultraslim Plus KeyboardUltraslim Plus MouseUltraslim Plus USB dongle (USB ID 17ef:6022) | #8 Denial-Of-Service |
Although the Bastille Threat Research Team endeavored to test a wide variety of models of wireless keyboard and mice from multiple vendors, it is not possible to acquire and test every model available on the market. There may be other models and vendors that are affected by this class of vulnerability, so the list should not be considered definitive.
Advisories
The plain-text advisories can be found above, and at CERT/CC VU#981271
Remediation
- Immediately disconnect all affected USB dongles, and use wired keyboards and mice instead.
- If you are using affected Logitech or ‘Lenovo 500’ devices, please update your firmware by referring to the appropriate instructions (see appropriate Vendor Response links above).
Dongles from other vendors were not found to support upgrading of firmware, so it does not appear possible to patch them. Therefore it is recommended that users contact their preferred vendor and inquire into which models are not vulnerable for future purchases.
Tools
The Bastille Threat Research Team is releasing free, open source tools to enable interested parties to discover wireless mice and keyboards that may be vulnerable to MouseJack.
Please refer to: https://github.com/BastilleResearch/mousejack
