March 2, 2016

Don’t Get MouseJacked — Bastille

Don’t Get MouseJacked

Bastille has recently announced the discovery of a security vulnerability that puts billions of PC’s and millions of networks at risk.

Maybe even yours.

It’s called MouseJack and it’s a massive security flaw in wireless mouse and keyboard dongles.Affected vendors include: Logitech, Dell, HP, Lenovo, Microsoft, Gigabyte, and AmazonBasics.

MouseJack was discovered by Bastille Engineer and Researcher Marc Newlin. He was able to exploit the vulnerability and prove that hackers as far as 100 meters away (that’s just over the length of a football field) could potentially exploit the affected wireless mouse or keyboard and use it as a portal to potentially take over a computer, transfer files, insert malware, delete the contents, and even infiltrate a network.

To see MouseJack in action, watch this video.

MouseJack is a breakthrough discovery that has caught the world’s attention. The Bastille MouseJack announcement has been published in more than 80 online publications and broadcast outlets ranging from Forbes, WIRED, CNET, Dark Reading, CBS News, Yahoo Tech, and Network World, to name a few.

MouseJack adds new research into the community concerning major security vulnerabilities with wireless mice and keyboards.  In 2010 Thorsten Schröder and Max Moser released details of a different vulnerability dubbed “KeyKeriki v2.0 – 2.4GHz”.  The KeyKeriki project targetted XOR-encrypted Microsoft dongles, exposing a weakness in their encryption scheme. The KeyKeriki work was extended in 2011 by Travis Goodspeed – “Promiscuity is the nRF24L01+’s Duty”.

In 2015, Samy Kamkar released the broadly reported KeySweeper hack.

KeySweeper is a stealthy Arduino-based device, camouflaged as a functioning USB wall charger, that wirelessly and passively sniffs, decrypts, logs and reports back (over GSM) all keystrokes from any Microsoft wireless keyboard in the vicinity.”

For links to the research detailed above, and a discussion of how MouseJack builds on the previous research in the area, read this whitepaper

Unlike these earlier exploits which attacked the encryption schemes for dongle to keyboard communication, Mousejack shows that an attacker can entirely bypass a dongle’s encryption scheme and powerdrive keystrokes to the computer (Windows or Mac).   These keystrokes impersonate the user and thus have all the authority to steal data and damage local or network file systems that the logged-in user has.

You’ll find comprehensive information on Bastille’s MouseJack findings and a list of affected devices and vendors at www.mousejack.com.

Close your cybersecurity gaps with AI-driven wireless visibility

See Bastille in action with a live demo from our experts in wireless threat detection.