We go to extreme measures to protect our computers from hacks, unaware that our wireless keyboards or mice can be a significant security liability. A cheap antenna, e.g., a $12 Geeetech Crazyradio USB radio dongle or a more robust $15 Yagi antenna (all available at Amazon), can be used to perform a hack referred to as a mousejack. Researchers from Bastille, an Internet of Things security firm, found that over a billion devices are vulnerable to this hack. Worse, the hack affects mice and keyboards even from popular brands, including Dell, Lenovo, Microsoft, Logitech, Amazon and Gigabyte, among others.
Wireless mice and keyboards function by sending signals to a USB dongle, which interprets them and executes the corresponding function. This is the concept that mousejack exploits. A hacker uses an antenna to send spurious signals, disguised as wireless mouse or keyboard messages, and gets control of your computer. With this control, the interloper can inject keystrokes at the rate of a thousand words per minute, even when your computer has been designed to encrypt and authenticate its communication with paired devices.
Air-gapped computers have emerged as being among the most vulnerable targets. An air-gapped computer is a device that has no physical connection to a network. Commonly, this is supposed to make such computers safer, but that is not the case when it comes to mousejack. On a positive note, this hack is only possible when the hacker is within a few meters of you. The distance increases with the strength of the antenna, though Bastille noted that 200 meters is the furthest distance at which the hack can be executed.
Many may wonder what a hacker can do with control of your mouse or keyboard. He or she might not have much to work with, but there are sequences of simple shortcuts that can open a browser, navigate to a website, and download and install malware. The hacker can also wipe a hard drive clean. Fortunately, for the hack to work successfully, the PC must be unlocked, and the hacker must have a clear view of the screen.
What makes our wireless keyboards and mice vulnerable originates in the manufacturing process and runs down to their marketing. Chips designed by the Norwegian firm Nordic Semiconductor are capable of encryption, but they require vendors to write their own firmware to implement the encryption. This is unlike standard Bluetooth chips, which are encrypted by manufacturers. Most of the affected companies never took advantage of the encryption option provided, which allows dongles that receive keyboard or mouse signals to also accept other devices using the same radio protocol.
Luckily, the vulnerability does not affect Bluetooth devices or USB wireless dongles that are not actively in use. A Lenovo spokesperson noted that the vulnerability is limited to Lenovo 500 wireless keyboards and mice. These can’t be updated through the internet, hence Lenovo’s decision to exchange them for a new and safer firmware version. Dell also noted that owners of its KM714 and KM632 keyboards and mice should contact technical support. The company issued a PDF statement concerning this and noted that updates for the mice and keyboards will soon be available. Microsoft indicated that it would investigate the situation and come up with an appropriate solution. Logitech has already provided a patch for its devices on the internet. HP, Gigabyte, and Amazon have not yet issued a reply to this concern.
Last year, hacker Samy Kamkar released code and specs for KeySweeper, a fake USB charger that can eavesdrop on certain Microsoft wireless keyboards and inject keystrokes. Kamkar’s device only worked on unencrypted devices. Kamkar’s device and mousejack might just be indicating new hacking strategies that are simple and tough to notice, with the ability to cause disastrous outcomes.