*Flaw Puts a Billion Wireless Mice at Risk

By John P. Mello, Jr  …..

Wireless mice and keyboards are the perfect accessories for a world in which devices increasingly are shuffling off their connection coils, but those accessories — especially untethered rodents — also can create new threats for those who use them.

One such threat is called: Mousejack. The attack exploits a vulnerability found in 80 percent of wireless mice. With $15 worth of off-the-shelf hardware and a few lines of simple code, a wireless mouse can be turned into a hacker’s portal for all kinds of mischief.

Mousejack — the name Bastille, Inc, which discovered the flaw last year, gave to the vulnerability — impacts more than a billion wireless mice worldwide, the company’s chief revenue officer, Ivan O’Sullivan, said.

One of Bastille’s engineers, Marc Newlin, discovered the vulnerability in non-Bluetooth wireless mice. The flaw in the mice is related to how the devices handle encryption.

“When evaluating these devices, it became apparent that they do not implement encryption in a correct way and make it possible to bypass encryption in certain situations,” he told TechNewsWorld.

Speed Typing

That allows an attacker to forge and transmit wireless packets to the USB dongle of a target’s mouse and use that to inject keystrokes into that target’s computer.

“Taking advantage of that, an attacker from 225 meters away [246 yards] can type on a target’s computer,” Newlin said.

Typing is a relative term here. The keystrokes sent to the dongle could be automated, which means a hacker could type as fast as 1,000 words a minute.

“You could very quickly execute an attack,” Newlin said. “You could bring up a command window, type some commands, download some malware, and close the window all in a matter of seconds.”

“If a victim’s attention is elsewhere for a short period of time, an attack can be executed without their knowledge,” he added.

160 Million Weak Links

The vulnerability poses a large threat not only to consumers but to businesses too. Eighty-two percent of businesses allow their employees to use wireless mice at work, according to a survey of 900 organizations Bastille released last month.

Most of the respondents were concerned about the mousejacking problem, but 21 percent said they were unconcerned about it, and 16 percent said they’d continue to use their wireless mouse even if it had the vulnerability.

“Sixteen percent of a billion devices is 160 million weak links in an organization’s security chain,” O’Sullivan told TechNewsWorld.

For data source please write the editor

Advertisements