A flaw in the way several popular models of wireless mice and their corresponding receivers (the sticks or “dongles” that plug into a USB port and transmit data between the mouse and the computer) handle encryption could leave “billions” of computers vulnerable to hackers, security firm Bastille warned on Tuesday.
In short, a hacker standing within 100 yards of the victim’s computer and using a $30 long-range radio dongle and a few lines of code could intercept the radio signal between the victim’s mouse and the dongle plugged into the victim’s computer. The hacker could then replace the signal with her own and use her own keyboard to control the victim’s computer.
For Rouland, these vulnerabilities, which affect non-Bluetooth mice produced by Logitech, Dell, Lenovo and other brands, are a harbinger of the near future of the Internet of Things, when both companies and regular consumers will have hackable radio-enabled devices in their offices or homes. It’s worth noting that Bastille specializes in Internet of Things (IoT) security, and sells a product for corporations that promises to “detect and mitigate” threats from IoT devices across the entire radio spectrum. That obviously means the firm has a vested interest in highlighting ways companies could get hacked.
This attack in particular, which Bastille has branded with the hashtag-friendly word “MouseJack,” builds on previous research done on hacking wireless keyboards. But in this case, the issue is that manufacturers don’t properly encrypt data transmitted between the mouse and the dongle, according to Bastille’s white paper.