MouseJack Hacks Target Wireless Keyboards and Mice Within 100 Meters

By on Feb 26, 2016

Every year, more and more words are making it into the English dictionary. The next one to make its debut might be the term MouseJack: a cyberattack involving hijacking a computer through its wireless mouse.

This attack was recently discovered by researchers, who found that it allowed hackers to compromise devices through wireless accessories within 100 meters. To be more specific, they were able to do so by taking control of USB dongles, which connect PCs to gadgets like mice and keyboards. These dongles listen to radio signals coming from say, a mouse, which essentially tell the computer what to do.

The security issue? These dongles will listen and respond to any command resembling one from the original mouse—allowing fake radio signals to seep through and gain control.

And that’s not the worst of it. These hackers, or mousejackers, can then trick the USB dongle into receiving keyboard directions. Now, if you’re lucky, a friend might use this hack to pull a prank and type funny phrases onto your computer from afar. Unfortunately, this sort of attack has the potential to be anything but innocent. Cybercriminals could potentially use the keyboard control capabilities to install malware onto your device, or gain access to your sensitive information.

So many factors make mousejacking unique to other malicious activities. Many of today’s cybersecurity breaches involve the hacker gaining access to private data by coaxing users into clicking on a phony link, or exploiting system backdoors. Meanwhile, when someone gets mousejacked, criminals are directly controlling their computer through a radio signal.

The most shocking part of the hack? It’s remarkably easy to pull off. It’s a very low-tech process that only requires a $12 antenna to execute. This computer antenna allows hackers to create their own radio signals—even if the wireless device targeted is designed to encrypt communications with the PC it’s paired with. That’s scary stuff.

In response to these discoveries, many wireless mouse and keyboard manufacturers have released statements around the hack. Many are even working on a security update for their products, which is great news.

As we increasingly rely on wireless gadgets in our lives, it’s important to have security top of mind. Even high-tech devices can be made vulnerable from constantly evolving hacker methods. With that in mind, here are a few tips to stay protected from mousejacking:

  • Keep wireless devices up-to-date. If you have a wireless accessory for your PC, keep an eye on the manufacturer’s latest security patches. The best way to keep your gadgets protected, wireless or not, is to keep them updated. General software updates will often also include security fixes, so tune up your devices whenever given the chance.
  • Cut hackers off at the source. Mousejacking can only happen if the hacker is 1) within 100 meters of your computer, and 2) if you’re using a USB dongle for device pairing. If you notice your mouse or keyboard jabbering away on its own, unplug the dongle and report the issue to the manufacturer immediately.
  • Research before you buy. We’re likely to see another explosion of wireless and Internet-connected products in the next few years, and it’s easy to get carried away by all the shiny new toys. But be sure do yourself a favor and do a bit of research before taking the plunge with a new product. Make sure it’s a strong and secure fit.

 

gary

About the Author

Gary Davis

Gary Davis was previously McAfee's Consumer Security Evangelist providing security education and advice to businesses and consumers. He is a sought-after speaker on trends in digital security, appearing at conferences and events, as well as security and consumer lifestyle broadcast outlets and publications such as ABC, NBC, FOX, the Wall Street Journal, USA Today, Money ...

Read more posts from Gary Davis

Subscribe to McAfee Securing Tomorrow Blogs