How Criminals Could Hijack Wireless Mice to Hack Computers from Afar
Researchers warn that “billions” of computers are vulnerable, but experts caution that attack is not easy to reproduce or perform at scale.
Wireless computer mice give users the convenience of not having to deal with cumbersome wires and cables. But they might also open the door for malicious hackers to get into their computers, researchers warn.
A flaw in the way several popular models of wireless mice and their corresponding receivers, the sticks or "dongles" that plug into a USB port and transmit data between the mouse and the computer, handle encryption could leave "billions" of computers vulnerable to hackers, security firm Bastille warned on Tuesday.
In short, a hacker standing within 100 yards of the victim's computer and using a $30 long-range radio dongle and a few lines of code could intercept the radio signal between the victim's mouse and the dongle plugged into the victim's computer. Then this hacker could replace the signal with her own, and use her own keyboard to control the victim's computer.
At that point the hacker could use the victim's computer just like she was in front of it, with "full control of the keyboard," Chris Rouland, the founder of Bastille, told Motherboard.
"All computers trust their keyboards because humans use keyboards, so taking over a keyboard is kind of like the ultimate hack," Rouland said.
For Rouland, these vulnerabilities, which affect non-Bluetooth mice produced by Logitech, Dell, Lenovo and other brands, are a harbinger of the near future of the Internet of Things when both companies and regular consumers will have hackable radio-enabled devices in their offices or homes. It's worth noting that Bastille specializes in Internet of Things (IoT) security, and sells a product for corporations that promises to "detect and mitigate" threats from IoT devices across all the radio spectrum. That obviously means the firm has a vested interest in highlighting ways companies could get hacked.
This attack in particular, which Bastille has branded with the hashtag-friendly word "MouseJack," builds on previous research done on hacking wireless keyboards. But in this case, the issue is that manufacturers don't properly encrypt data transmitted between the mouse and the dongle, according to Bastille's white paper.
But despite Bastille's claims that this is a "massive" vulnerability, this is not an easy attack to pull off, and it needs to be done on one target at a time, as the hacker needs to be close to the target. The main issue is that the hacker likely needs to be able to see the victim's screen to be able to successfully hack the victim, according to security researchers who reviewed the research for Motherboard.
"It's a blind attack," said Tod Beardsley, the security research manager at Rapid7. That is, he added, unless the attacker is close enough to see the screen.
That's why, according to Adrian Sanabria, a security analyst at 451 Research, MouseJack actually "isn't a huge risk."
It could be "a lot of fun for pranks, maybe, but it would be difficult to practically use this vulnerability," Sanabria told me. "In specific scenarios, sure, you could mess with someone's computer, but without the ability to use the keyboard, it would be slow going to get a virtual keyboard up and start to hack the system."
Moreover, it's going to be very hard to pull this off while the victim is using the computer, Sanabria added. But Beardsley said that's possible if the attacker can guess the screen "geometry" and navigate to well-known controls.
Bastille published a list of affected devices, and said it reached out to the manufacturers to alert them of the vulnerabilities last year.
A Logitech spokesperson told Motherboard that the company has released new firmware that fixes the vulnerability on its Unifying dongle, which works with several mice. Users who want the fix have to download the firmware and install it themselves.
A Dell spokesperson said that consumers who own the KM714 keyboard and mouse combo can get the Logitech firmware patch through Dell Tech Support. But for users who own the KM632 combo, the company suggests a replacement.
Microsoft simply sent a statement saying the company "has a customer commitment to investigate reported security issues, and will proactively update impacted devices as soon as possible," but declined to offer any more details.
Lenovo posted an official advisory for its customers, and offered to replace the affected models.
Amazon, Gigabyte and HP did not respond to a request for comment.
If you're using a wireless dongle that uses radio frequency, and you are worried hackers could target you, the easiest solution is to physically disconnect the dongle when you're not using the computer, or get a Bluetooth keyboard and mouse. While those can be hacked too, the exploits against them are much harder to pull off.
This article has been updated to include Lenovo's response.