With the proliferation of connected devices making up the Internet of things, it seems that everything is hackable—televisions, cars and even refrigerators—and the list of entry points for hackers is getting longer. According to researchers at Bastille, a cybersecurity startup, hackers can tap non-Bluetooth wireless mice to squirrel their way into computers.
Wireless mice and keyboards work by transmitting certain radio frequency packets to a USB dongle—that teardrop kind of shaped thing—plugged to a computer. For example, when a user clicks the left mouse button, the mouse sends a packet to the USB dongle, telling the computer that the user clicked the left mouse button. Most companies encrypt data transmitted by wireless keyboards, but companies don’t encrypt data transmitted by wireless mice, the researchers said.
“This means that there is no authentication mechanism, and the dongle is unable to distinguish between packets transmitted by a mouse, and those transmitted by an attacker,” according to Bastille. An attacker can simply pretend to be a mouse and send their own movement or click packets to a dongle, using equipment available for less than $20.
Further, it is possible for attackers to “pretend to be a mouse, but transmit a keypress packet,” thereby allowing the attacker to type commands on the victim’s computer, Bastille found.
So if cybersecurity pros would only come up with a way to identify the bad-guy-dongle-abusers it would truly be building a better mouse trap.
To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.
Notify me when updates are available (No standing order will be created).
Put me on standing order
Notify me when new releases are available (no standing order will be created)