Sophos News

Mousejacking – what you need to know

US startup Bastille Networks boldly claims to be “the first and only company to completely secure the Enterprise,” even though it doesn’t have any products on its website yet.

But it is nevertheless making waves with a vulnerability it’s calling Mousejacking, caused by a raft of security problems the company says it’s found in numerous wireless mouse and keyboard products.

The researchers took a USB dongle used to control a drone product called CrazyFlie, and hacked the firmware to turn it into a mouse-and-keyboard sniffer.

Using the hacked dongle, known as the Crazyradio PA (PA stands for power amplifier), they were able to investigate the communications protocols used by the sort of wireless mouse and keyboard that itself relies on a USB dongle to operate.

NB. Mousejacking only applies to USB-based mice and keyboards. Bastille’s research doesn’t cover Bluetooth devices.

They found a number of security problems in the way many devices handle the data that flows from your mouse or keyboard to your computer.

The most notable findings include:

You’d probably back yourself to notice if someone else started typing additional keystrokes while you were working, or moving your mouse where you didn’t expect it to go.

You might suspect a hardware malfunction, a software bug or even a malware infection at first, but you’d nevertheless hope to spot any jiggery-pokery pretty quickly and take action against it.

Of course, as Bastille points out, it might already be too late, because a software-controlled “attack keyboard” can type much faster and more consistently than the average human typist, and damage is easy to do with even a few maliciously-planned keystrokes or mouse clicks.

Or you might have wandered away from your computer just for a moment without manually locking your screen, giving an attacker as much as two minutes (you do have an automatic screen lock of two minutes or less, don’t you?) to take over your computer from a nearby table in the coffee shop.

What to do?

One very popular USB dongle that is affected is Logitech’s so-called “Unifying receiver” (they’re marked with a stylised orange logo that looks like an icon of the sun) that works with a whole raft of different Logitech mouse and keyboard models.

Logitech has published a firmware update that claims to patch the Unifying receiver product. (You need Windows to run the updater.)

How to lock your screen immediately

That’s easy.

On Macs, a brief press of the Power key will do it. (On older Macs, use Shift+Control+Eject.)

On Windows, use Windows+L.

A cool hack (in the good sense of the word) on the Mac is to add the ScreenSaverEngine application to your Dock, so you’re just one click away from your screen saver at any time. In Finder, choose Go | Go to Folder... and enter the directory name /System/Library/Frameworks/ScreenSaver.framework/Versions/A/Resources/. Find the file ScreenSaverEngine.app and drag a copy to the Dock. Now you have an icon that will engage the screensaver immediately.
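As an added example (not part of the Sophos article), here is a small POSIX shell check for the “two minutes or less” rule above: it decides whether a screen-saver configuration actually locks the screen within 120 seconds, and on a Mac reads the live values. It assumes the classic macOS preference keys idleTime, askForPassword and askForPasswordDelay under com.apple.screensaver, and integer values for all three; the check function itself runs anywhere with constructed values.

```shell
#!/bin/sh
# Added example, not code from the article. Checks whether a Mac's screen-saver
# settings meet the "lock within two minutes" advice. The preference keys used in
# read_macos_lock_policy are assumed to be the classic com.apple.screensaver keys.

MAX_IDLE=120   # seconds: the article's "two minutes or less"

# check_lock_policy IDLE ASK DELAY
#   IDLE  = seconds of inactivity before the screen saver starts (0 = never)
#   ASK   = 1 if a password is required to dismiss the screen saver
#   DELAY = seconds of grace after the saver starts before the password is required
# Returns 0 when the screen is locked within MAX_IDLE seconds, 1 otherwise.
check_lock_policy() {
    idle=$1; ask=$2; delay=$3
    [ "$idle" -gt 0 ] || return 1                     # saver disabled: never locks
    [ "$ask" -eq 1 ] || return 1                      # saver without password is not a lock
    [ $((idle + delay)) -le "$MAX_IDLE" ] || return 1 # lock happens too late
    return 0
}

# Read the live values on macOS; a missing key is treated as "no lock" (0).
read_macos_lock_policy() {
    idle=$(defaults -currentHost read com.apple.screensaver idleTime 2>/dev/null || echo 0)
    ask=$(defaults read com.apple.screensaver askForPassword 2>/dev/null || echo 0)
    delay=$(defaults read com.apple.screensaver askForPasswordDelay 2>/dev/null || echo 0)
    echo "$idle $ask $delay"
}

# Only query the system when actually running on a Mac.
if [ "$(uname)" = Darwin ]; then
    set -- $(read_macos_lock_policy)
    if check_lock_policy "$1" "$2" "$3"; then
        echo "OK: screen locks within ${MAX_IDLE}s (idle=$1 askForPassword=$2 delay=$3)"
    else
        echo "WARN: screen does not lock within ${MAX_IDLE}s (idle=$1 askForPassword=$2 delay=$3)"
    fi
fi
```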

