Researchers say that wireless mouse could expose billions of computers to hacking
Bastille Networks, a startup cyber security company that looks to better patrol wireless traffic has discovered a flaw that could possibly allow hackers to attack and take over computers using a wireless mouse connection, which could leave millions of networks and billions of computers vulnerable to attack.
The cyber security firm said Wednesday that while Bluetooth devices are not vulnerable for the same kind of attack, wireless mouse and keyboards using radio communication protocols operating in the 2.4GHz ISM band are subject to hacking from up to 100 meters away.
The security researchers, Marc Newlin and Balint Seeber at Bastille Networks found that wireless mouse made by the likes of HP, Dell, Lenovo, and Amazon could be security risks as they use unencrypted signals to communicate with computers. In other words, the seemingly innocent-looking wireless mouse could actually be a way for hackers to break into your computer.
“They haven’t encrypted the mouse traffic that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer. This would be the same as if the attacker was sitting at your computer typing on the computer,” said Newlin.
A hacker uses an antenna, a wireless chip called a dongle, both available for less than $20 (USD), and a simple line of code to trick the wireless chip connected to the target computer into accepting it as a mouse.
“So the attacker can send data to the dongle, pretend it’s a mouse but say ‘actually I am a keyboard and please type these letters’,” added Newlin.
“If we sent unencrypted keyboard strokes as if we were a mouse it started typing on the computer, typing at a 1000 words per minute,” said Chris Rouland, the CTO and Founder of Bastille.
The hacker can take over the computer or gain access to a network due to the vulnerability of the wireless mouse within seconds.
Rouland says that while companies are very good at encrypting and protecting their networks and websites, they do not reimburse for all cyber traffic across the whole radio spectrum. He says it’s time to re-think cyber security, particularly in the world where smart phones are capable of transferring huge amounts of data per second.
“No one was looking at the air space. So I wanted to build this cyber x-ray vision to be able to see what was inside a corporation’s air space versus what was just plugged into the wired network or what was on a Wifi hotspot,” said Rouland.
Bastille is hoping to cash in on its security error findings and provide new types of sensors that take into consideration more of the dangers present in a wireless world.
Meanwhile, Bastille is keeping a check on the wireless mouse problem. Some companies are beginning to provide firmware updates to correct the security issues pointed out the company.