Your IT Consultant

Flaws in Wireless Keyboards and Mice Potentially Expose User’s Data

February 29, 2016

A very large number of wireless keyboards and mice pair with a USB dongle in order to transmit data through the air. Security firm Bastille released an advisory identifying seven different companies' wireless keyboards and mice as being vulnerable to an exploit they call "mousejacking." The companies mentioned include Logitech, Dell, Microsoft, HP, Amazon, Gigabyte and Lenovo. According to a Wired article, someone equipped with a nearby antenna can inject keystrokes and mouse movement even when the device is designed to be paired with a computer sending encrypted data.

Bastille's CEO said that it only took about fifteen lines of code and a $12 USB radio dongle attached to his laptop to run their code and pair with the target device. They have tested the exploit as far as a hundred yards, with the attack being more reliable with a more powerful Yagi antenna. The exploit takes advantage of a collection of problems with the firmware of wireless devices that use chips sold by the Norwegian firm Nordic Semiconductor. Several manufacturers have already developed firmware that isn't vulnerable to the attack. Yet again, another reason to make sure you always install the latest patches when available. Using Bluetooth connected devices would be a better choice and going "wired" would be even better.

E-mail: Phone: 703.359.0700
Digital Forensics/Information Security/Information Technology
http://www.linkedin.com/in/johnsimek
http://www.senseient.com