This allows potential attackers to intercept these signals with their own wireless device. They can tell to which pair of mouse and a receiver the data belongs. Then they can send their own signals to the victim’s receiver and request a new hardware pairing. This allows them to connect their own mouse or a wireless keyboard to the target computer and obtain sensitive data, spread malware and more.
Hackers can even just send along a sequence of keypresses that will do their desired action for them. They don’t have to move the pointer around the screen like the hacker in the video of the security company. When the experts were testing this method, they managed to generate over a 1000 words per minute in the target computer and install a rootkit under ten seconds.
According to one of the authors of the security study, Marc Newlin, an attack like this can be pulled off with an equipment worth less than 15 dollars. And with just fifteen lines of code.
MouseJack seems to affect a huge amount of mice from many manufacturers – out of seventeen models tested, only two were safe. Even devices from big-name manufacturers like Logitech, Lenovo, Amazon or Microsoft were found vulnerable. The researchers have published a list of affected devices on their website, but they say it’s not in any way complete. It lists only the vulnerable devices they themselves tested – testing every model on the market would be impossible.
As is usual with security experts, the researchers from Bastille have first consulted their findings with manufacturing companies to give them time to fix this vulnerability. They have done so months before they revealed MouseJack to the public. Even so, only some of the companies have put out firmware patches that should prevent these kinds of attacks. And the experts claim that some of the devices can’t be patched at all.
Manufacturing companies are trying to play the discovery down a bit – according to one of the senior engineers from Logitech Asif Ahsan, the researchers have found the flaw in a controlled, experimental environment. “The vulnerability would be difficult to replicate and it would require physical proximity to the device,” Ahsan said.
MouseJack really does have a limited reach.
According to the experts, a computer can be attacked this way only when it’s closer than hundred yards (about 90 meters) away. Newlin thinks that this would still be enough for the attacker to sit in a lobby of a bank, for example, and to attack computers elsewhere in the building. And the method is complex, but MouseJack is now fully accessible and well documented on a code-sharing site GitHub.
Most security experts agree that this is a new and interesting vector of attack that is not yet fully researched. Bastille is now working on an app for Android that could find vulnerable computer peripherals in its vicinity. However, there have already been calls for an automatic tool that could be used to exploit this vulnerability by hackers and criminals. Experts recommend to update the firmware of your device or using Bluetooth or wired devices only.