Many people prefer using wireless mice and keyboard to make their work and play easier by avoiding the cumbersome cables and wires. But, what about the wireless signals that your mouse uses? We use firewalls and other security measures for protecting our PC’s network connections but ignore other communications. Outlining some unnoticed threats involved, researchers at Bastille Networks showed how to hack a PC by hijacking wireless mice and keyboards.
The researchers have found a flaw in the way how many popular brands and their receivers transmit data between the computer and mouse. Their way of handling encryption could leave billions of computers vulnerable to hacking, the security firm warned in its report.
Mousejack attack radio dongle
Using just a few lines of code and a $30 long-range radio dongle, a hacker can sniff radio signals coming out of the victim’s mouse. As a result, the hacker can replace the signals with his own and control the victim’s system.
Thus, a hacker can use the target computer as if he was in front of it with full control, Chris Rouland, the founder of Bastille, told Motherboard. “All computers trust their keyboards because humans use keyboards, so taking over a keyboard is kind of like the ultimate hack,” Rouland added.
Also read: How White Hat Hackers Hacked An Offline Laptop In Another Room Within Seconds
Bastille has named this attack as “Mousejack” and it mainly deals with the encryption issues between the dongle and the mouse. The firm claims to have carried out the attack from up to 300 feet away from victim’s system.Motherboard outlines that it’s “not an easy attack to pull off.” The hacker needs to be close to the target and it targets one person at a time. It’s kind of a “blind attack” as the attacker should be close enough to see the screen to do some considerable amount of harm.
However, those small packets of data are enough to install malware or a rootkit capable of opening access to your system. To fix the issue, Bastille has informed multiple OEMs and patches are being released.
FREE Video Training Course:Online Penetration Testing and Ethical Hacking.