Use a wireless mouse? This $15 hack could compromise your laptop – CNET

They broke in like it was nothing. They could have wiped my hard drive, stolen my files, or practically anything nefarious you can do with a computer.

Just watch:

All because I had a wireless mouse dongle plugged into my laptop. And all they needed was a simple antenna that costs as little as $15 at Amazon.

Thankfully, “they” were a pair of security researchers from a company called Bastille, and every company that builds wireless mice and keyboards has already been alerted to the issue. (If you believe your system might be vulnerable, here is a link to a fix, provided to us by Logitech: RQR_012_005_00028.exe.)

But if not, you too might be vulnerable to this technique. They’re calling it a “Mousejack.”

What Bastille security researcher Marc Newlin discovered was this. If you can send out a wireless signal that pretends to be a wireless mouse, most wireless USB dongles will happily latch onto it — no questions asked. Then, you can have that fake wireless mouse pretend to be a wireless keyboard — and start controlling someone else’s computer.

A Logitech Unifying dongle, which can be updated to patch this vulnerability.


Sarah Tew/CNET

With a laptop and a cheap wireless USB antenna called a Crazyradio, Newlin found he could do that from up to 200 meters away. Of course, you can’t easily see someone’s laptop screen from that far out, but that doesn’t mean the hack isn’t dangerous. A sequence of keyboard shortcuts is enough to wipe a hard drive — or open a browser, navigate to a website, download malware and install it on a computer.

Normally, wireless keyboards send encrypted signals, so hackers can’t spoof them and take over your PC. But wireless mouse traffic isn’t encrypted, according to Chris Rouland, CTO and founder of Bastille, because peripheral manufacturers didn’t think it was necessary. Many of the tiny USB dongles used to wirelessly connect mice and keyboards are always listening for a new mouse, and they’ll transmit whatever Bastille’s fake “mouse” tries to send.

According to Bastille, because so many of these dongles use the same wireless chip — a Nordic Semiconductor part — there could be millions upon millions of vulnerable devices out there. The dongles that come with mice and keyboards from Logitech, Microsoft, Amazon, Dell, HP, Lenovo and Gigabyte are at risk. Here’s a list of the affected devices that Bastille has found so far.

Marc Newlin stands above a table full of vulnerable devices.


Bastille

Thankfully, the vulnerability doesn’t affect Bluetooth devices, or USB wireless dongles that aren’t actively in use. Even if you’ve got one of these dongles sticking out the side of your laptop, Newlin’s antenna and program can’t find it unless it can latch onto the wireless signal from your mouse.

Perhaps the worst part of the vulnerability is that many dongles can’t be fixed. While Logitech Unifying devices have dongles that can be upgraded — and Logitech tells us its other Nano dongles aren’t affected — Bastille says that others may be permanently vulnerable. Lenovo told Wired that it will replace vulnerable devices for any customer who asks. Dell told Forbes that its KM714 keyboard and mouse will soon be updatable with the same Logitech patch, but other devices may need to be swapped out. We reached out to HP but have yet to receive a reply.

And the fact that Logitech Unifying dongles are upgradable could be a mixed blessing, because Rouland believes that hackers could also theoretically use them as transmitters. Hack one dongle, turn it into a transmitter to hack any others it sees. Suddenly, you’ve got a virus on your hands.

Here’s the device that Newlin used to break into my laptop. It costs $12. All he had to do was hook it up to his laptop, write 15 lines of Python code, and wait for me to move my mouse. If you see someone using one of those at your local coffee shop — or in your workplace — be warned.

Comments

Write a Reply or Comment:

Your email address will not be published.*