MouseJack flaw affects billions of devices2016-02-24 01:50 by Daniela
Tags: MouseJack, mouse, keyboard
Researchers from Bastille have found that wireless mice and keyboards can be used by hackers to install rootkits on computers. This can be done within 10 seconds, with equipment for less than $15. It's only necessary that an attacker is in range of 100 meters.
The so called "MouseJack" attack works on Linux, Mac and Windows computers. It is possible due to the lack of encryption of the wireless signal in most wireless USB devices as it's transferred from the peripheral to the wireless base station. As a result, an attacker can pretend to be a mouse or keyboard and transmit packets to a dongle, which can be passed on to the computer's operating system as if the victim had legitimately entered them.
"MouseJack poses a huge threat, to individuals and enterprises, as virtually any employee using one of these devices can be compromised by a hacker and used as a portal to gain access into an organization's network," said Chris Rouland, founder, CTO, Bastille. "The MouseJack discovery validates our thesis that wireless internet of things (IoT) technology is already being rolled out in enterprises that don't realize they are using these protocols."
Mice and keyboards of many manufacturers including Microsoft, Dell, Lenovo, HP, Gigabyte and Logitech may be affected.
Read more -here-