The undetectable attack is perpetrated from up to 300 feet away

 

Security experts demonstrate that wireless keyboards and mice are extremely vulnerable to outside interference, allowing attackers to easily intercept the data packets and hack your computer. Taking advantage of the often unencrypted communication between the PC dongle and the wireless input device, hackers can perpetrate these “mousejack” attacks from up to 300 feet (100 meters) away. Once inside, it becomes easy to transmit malicious packets that generate keystrokes.

Researchers from Bastille Networks found non-Bluetooth devices from seven manufacturers are vulnerable to this attack vector, including Logitech, Dell, and Lenovo. They observed that the wireless communication between the keyboard and the dongle is encrypted, but that between the mouse and its dongle is not. At least, not in any of the mice tested by Bastille Networks.

As a result, the mouse’s dongle will accept outside commands in the same way it accepts those from the user. This permits the hacker to insert micro packets of malicious content that generate keystrokes equal to 1,000 words-per-minute. Vulnerable dongles cannot distinguish impersonated mice from real ones.

Wireless keyboards, although they transmit encrypted RF data, are equally unsafe because some dongles do not require encryption. Unfortunately, this means that hackers can spoof the keyboard and transmit unencrypted packets to the dongle, which in turn inputs the commands into the computer.

"Depending on the speed of the attack and how closely the victim is paying attention, it can happen pretty quickly,” said research Marc Newlin. At the current rate, it takes as little as 10 seconds to install a rootkit. Worse, exploiting the vulnerability requires little more than a $15 USB receiver and 15 lines of Python code, readable by all Windows, Mac, or Linux OS, says Bastille founder Chris Rouland.

“At this point, they can inject malware, or compromise an air-gapped network by turning on Wi-Fi on the target,” Rouland said.

Following the report, Bastille contacted and informed all major vendors within the last 90 days; Logitech already having developed and launched a firmware update to counter the issue. Unfortunately, more than half of the mice tested are unpatchable and cannot be updated, and most likely continued to be used, leaving a wide host of vulnerable devices.

Resolving this issue is pertinent, for its repercussions run deep: Bastille notes that new devices can be forcefully paired with old dongles to enact the same type of breach, granting undetected access in to any machine.

“An attacker doesn’t need to know any information about the target victim outside of the OS running,” Newlin said. “It’s straightforward to use the dongle and python code to discover devices and learn whether they’re vulnerable.”

Source: Threatpost