What is MouseJacking?
MouseJack is a class of vulnerabilities that affects the vast majority of wireless, non-Bluetooth keyboards and mice (Bastille, 2016). These peripherals are 'connected' to a host computer using a radio transceiver, commonly a small USB dongle (Bastille, 2016). Since the connection is wireless, and mouse movements and keystrokes are sent over the air, it is possible to compromise a victim's computer by transmitting specially-crafted radio signals using a device which costs as little as $15.
An attacker can launch the attack from up to 100 meters away. The attacker is able to take control of the target computer, without physically being in front of it, and type arbitrary text or send scripted commands (Bastille, 2016). It is therefore possible to perform rapidly malicious activities without being detected. The MouseJack exploit centers around injecting unencrypted keystrokes into a target computer (Bastille, 2016). Mouse movements are usually sent unencrypted, and keystrokes are often encrypted (to prevent eavesdropping what is being typed). However the MouseJack vulnerability takes advantage of affected receiver dongles, and their associated software, allowing unencrypted keystrokes transmitted by an attacker to be passed on to the computer's operating system as if the victim had legitimately typed them(Bastille, 2016).
Bastille MouseJack Youtube Video:
What should you do to protect yourself?
- Do not use a vulnerable peripheral that this attack can be carried out against. You should check your product vendor to make sure you are not using a vulnerable device. Bastille has a list of vulnerable devices that it knows about on the website in the references section below. Also keep firmware updated on peripheral devices.
- Always lock your computer when you step away. This should be done regardless of mousejacking threats as this should be best practice.
- Do not allow unauthorized USB devices in the environment. There are many device control products in the market that allow you to whitelist specific devices and block access to unauthorized devices.
Published by @portslug & @Wolfe409