Wireless mice and keyboards have been a staple of any office looking for a clean-cut look, and they have been steadily increasing in popularity over the years. But it seems that even this innocent aesthetic improvement is now being exploited by cyber criminals.
Recently, a relatively new malware known as Mousejack has been making the rounds, infecting business and personal PCs alike. The attack exploits a vulnerability found in 80% of wireless mice, and all it takes is a $15 off-the-shelf mouse and a few lines of code.
The Vulnerability
The vulnerability was discovered by Bastille engineer Marc Newlin, who found the flaw in non-Bluetooth wireless mice. The flaw is related to how the devices handle encryption.
Under evaluation, the mice were found to implement encryption in a way that allowed compromise in certain situations.
While Bastille has demonstrated the feasibility of a Mousejack attack, it has yet to be seen in the wild.
Still, the vulnerability presents a huge threat to the business sector, yet eighty-two percent of businesses allow their employees to use wireless mice at work. Add to that the 21 percent of business owners who say they are unconcerned about the vulnerability.
An Open Door
This leaves an open door for a hacker sitting in a company lobby 225 meters away to access a user’s PC and begin typing. “Typing” is of course a relative term, as the keystrokes could be automated and executed at speeds of 1,000 words a minute.
“You could very quickly execute an attack, … You could bring up a command window, type some commands, download some malware, and close the window all in a matter of seconds.”
-Newlin
If a user’s attention is elsewhere for a short time, an attack can be executed without their knowledge.
This makes it a huge potential vulnerability for users in all respects. It would virtually allow an unknown user to access your device much like a Trojan horse
…without requiring the horse.
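Because injected keystrokes arrive far faster than anyone types, the 1,000 words a minute figure above gives defenders something to measure. The following is an added example, not code from the original article or from Bastille: a sliding-window check over keystroke timestamps that flags runs above a human typing ceiling. The `(timestamp, device_id)` event format, the 5-characters-per-word convention, the 200 wpm threshold and the `dongle-1` name are assumptions made for illustration.

```python
from collections import deque

# Assumptions (not from the article): 5 characters per "word" and a 200 wpm
# ceiling for sustained human typing. Tune both for your environment.
CHARS_PER_WORD = 5
HUMAN_MAX_WPM = 200
WINDOW_KEYS = 20  # rate is judged over this many consecutive keystrokes


def wpm(first_ts, last_ts, keys):
    """Words per minute for `keys` keystrokes between two timestamps (seconds)."""
    elapsed = last_ts - first_ts
    if elapsed <= 0:  # identical timestamps: faster than any typist
        return float("inf")
    return (keys - 1) / CHARS_PER_WORD / (elapsed / 60.0)


def find_injection_bursts(events, max_wpm=HUMAN_MAX_WPM, window=WINDOW_KEYS):
    """events: (timestamp_seconds, device_id) tuples sorted by time.
    Returns [(device_id, start_ts, end_ts, peak_wpm)] for runs above max_wpm."""
    recent, open_burst, bursts = {}, {}, []
    for ts, dev in events:
        q = recent.setdefault(dev, deque(maxlen=window))
        q.append(ts)
        if len(q) < window:
            continue
        rate = wpm(q[0], q[-1], window)
        if rate <= max_wpm:
            open_burst.pop(dev, None)  # burst (if any) has ended
        elif dev in open_burst:  # extend the burst already being tracked
            i = open_burst[dev]
            _, start, _, peak = bursts[i]
            bursts[i] = (dev, start, ts, max(peak, rate))
        else:  # first window above the threshold: open a new burst
            open_burst[dev] = len(bursts)
            bursts.append((dev, q[0], ts, rate))
    return bursts


def constructed_events():
    """Constructed sample: 30 keys at about 60 wpm, then 60 keys at 1,000 wpm."""
    human = [(i * 0.2, "dongle-1") for i in range(30)]
    burst = [(10.0 + i * 0.012, "dongle-1") for i in range(60)]
    return human + burst


if __name__ == "__main__":
    for dev, start, end, peak in find_injection_bursts(constructed_events()):
        print(f"{dev}: {start:.3f}s-{end:.3f}s peak {peak:.0f} wpm")
```

A window that straddles normal typing and the start of a burst stays under the threshold, so the alert fires only once 20 consecutive keystrokes are all too fast.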