Posted on 02/25/2016 6:36:42 AM PST by ShadowAce
They broke in like it was nothing. They could have wiped my hard drive, stolen my files, or practically anything nefarious you can do with a computer.
All because I had a wireless mouse dongle plugged into my laptop. And all they needed was a simple antenna that costs as little as $15 at Amazon.
Thankfully, "they" were a pair of security researchers from a company called Bastille, and every company that builds wireless mice and keyboards has already been alerted to the issue. If you have a Logitech Unifying receiver, there's already a fix. (Here is a link to a patch provided to us by Logitech: RQR_012_005_00028.exe.)
But if not, you too might be vulnerable to this technique. They're calling it a "Mousejack."
What Bastille security researcher Marc Newlin discovered was this. If you can send out a wireless signal that pretends to be a wireless mouse, most wireless USB dongles will happily latch onto it -- no questions asked. Then, you can have that fake wireless mouse pretend to be a wireless keyboard -- and start controlling someone else's computer.
With a laptop and a cheap wireless USB antenna called a Crazyradio, Newlin found he could do that from up to 200 meters away. Of course, you can't easily see someone's laptop screen from that far out, but that doesn't mean the hack isn't dangerous. A sequence of keyboard shortcuts is enough to wipe a hard drive -- or open a browser, navigate to a website, download malware and install it on a computer.
Normally, wireless keyboards send encrypted signals, so hackers can't spoof them and take over your PC. But wireless mouse traffic isn't always encrypted, according to Chris Rouland, CTO and founder of Bastille, because peripheral manufacturers didn't think it was necessary. Many of the tiny USB dongles used to wirelessly connect mice and keyboards are always listening for a new mouse, and they'll transmit whatever Bastille's fake "mouse" tries to send.
According to Bastille, because so many of these dongles use the same wireless chip -- a Nordic Semiconductor part -- there could be millions upon millions of vulnerable devices out there. Many of the dongles that come with mice and keyboards from Logitech, Microsoft, Amazon, Dell, HP, Lenovo and Gigabyte are at risk. Here's a list of the affected devices that Bastille has found so far.
Thankfully, the vulnerability doesn't affect Bluetooth devices, or USB wireless dongles that aren't actively in use. Even if you've got one of these dongles sticking out the side of your laptop, Newlin's antenna and program can't find it unless it can latch onto the wireless signal from your mouse.
Perhaps the worst part of the vulnerability is that many dongles can't be fixed. While Logitech Unifying devices have dongles that can be upgraded -- and Logitech tells us its other Nano dongles aren't affected -- Bastille says that others may be permanently vulnerable. A Lenovo spokesperson told us it believes the issue is limited to its Lenovo 500 wireless keyboards and mice, and while users can't update those themselves, Lenovo is ready to exchange them for ones with a newer, safer firmware version.
Dell tells us that owners of its KM632 and KM714 keyboard and mouse sets should call technical support, and told Forbes that though its KM714 keyboard and mouse will soon be updatable with the same Logitech patch, other devices may need to be swapped out. Microsoft tells us it will investigate the issue and "provide resolution as soon as possible." We also reached out to HP, Amazon and Gigabyte but have yet to receive a reply.
The fact that Logitech Unifying dongles are upgradable could be a mixed blessing, because Rouland believes that hackers could also theoretically use them as transmitters. Hack one dongle, turn it into a transmitter to hack any others it sees. Suddenly, you've got a virus on your hands.
Here's the device that Newlin used to break into my laptop. It costs $12. All he had to do was hook it up to his laptop, write 15 lines of Python code, and wait for me to move my mouse. If you see someone using one of those at your local coffee shop -- or in your workplace -- be warned.
Update, 10:48 p.m. PT: Crazyradio prices on Amazon have jumped significantly in the hours since we published this story.
I saw this yesterday and downloaded the Logitech firmware patch.
Sure, in theory at least any RF device can be monitored and hacked, by passive monitoring or the “man in the middle” technique. Thinking encryption or security features will prevent this is like thinking a really good lock will prevent someone from breaking into your house. Better locks create a demand for better lockpickers.
In a practical sense, someone would be lucky to get into my Logitech Unifying Recerver from TWO feet away at times much less twenty. The distance of these things sucks.
Oh no.
Someone might steal copies of all my superhero novels and early twentieth century detective stories.
All my ebooks are belong to them.
I’d be more worried about someone hacking the Bluetooth keyboard signal and logging all of the keystrokes than I would be about someone spoofing a keyboard or mouse.
bookmark
Saved
My wireless keyboard has military spec encryption.
My mouse is Bluetooth.
I’m covered.
Yes, and you need some better titles. Just saying.
Bkmrk.
Any chance of it affecting Linux? (They changed the name Logitech to Logicool a few years ago here, but same company, as far as I know..)
Shouldn’t be too much a worry anyway, I switch the mouse off when I’m not too active on it to save battery.
bfl
It looks like they are attacking the driver/firmware of the USB dongle--not anything in the OS. They are thus connecting to your laptop/computer without having to login or other attack vectors.
So--this would be OS-independent, and all are vulnerable if you use a wireless mouse.
Wires, wires, wires. Keyboard, mouse, Ethernet cable.
If you’re paranoid, you can store your mouse and keyboard in a safe when not in use.
Your mouse is probably assumed to be the logged in user. If you are logged into Linux with an unprivileged account, it probably couldn’t do much damage.
This stuff never ends. There will always be security threats as long as there are high tech criminals. The problem is that all of the methods used to deal with this are defensive. What I want are some offensive options that attack and destroy the system that is attempting to break into my system.
Ping to check out later.
I’ve got Logitech and I’ve done the patch... great post.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.