Do you use a wireless keyboard or mouse? If you do then there is a new cyber risk that you need to be aware of called mouse jacking. Mouse Jacking is a newly coined term used to describe a specific type of hacking that is carried out through your wireless keyboard or mouse. A MouseJack attack can be extremely dangerous as it allows a bad actor to infiltrate an organization without being detected since the computer will not recognize the malicious nature of the device. Using this technique, attackers could take over your entire Active Directory in just minutes using a $15 USB radio device that discovers vulnerable devices.
The majority of wireless mice and keyboards peripherals are ‘connected’ to a host computer using a radio transceiver, commonly a small USB dongle. Since the connection is wireless operating in the 2.4GHz ISM band, mouse movements and keystrokes are sent over the air. When a user presses a key on their keyboard or moves their mouse, information describing the actions is sent wirelessly to the USB dongle. The dongle listens for radio frequency packets sent by the mouse or keyboard and notifies the computer whenever the user moves their mouse or types on their keyboard.
How do Mouse Jacking attacks get carried out?
Carrying out a MouseJack attack does not require specialized or expensive equipment, and can be done with a $15 USB dongle.
First, the attacker identifies a target wireless mouse or keyboard by listening for RF packets transmitted through the air and intercepts the information when a user is moving/clicking the mouse or typing on the keyboard. Once the attacker has enough information, the attacker, with very minimal code can take over the keyboard and mouse of the target or even better, force force-pairs a fake keyboard with the victim’s dongle.
Finally, the attacker transmits keypress packets to type a series of commands into the victim’s computer. This can include downloading a virus or rootkit, transferring files off of the victim’s computer, or anything else the attacker could do if they were physically typing on the computer’s keyboard.
The attacker doesn’t even need to be physically close to take control of a computer — the attack can be executed from up to 100 meters away. However, only running workstations can be compromised.
Many popular keyboards and mice are at risk, so the first thing you need to do is to check whether you have any vulnerable devices. It will not be a case of performing a firmware update on your current device. Some manufacturers have caught on and are now releasing devices that are more secure. If you can then it is a good idea to replace your keyboard and mouse with one that is more secure. Or you can protect yourself from the hack as easily as switching to a wired mouse and keyboard. But let’s be serious, the chances of being a target of one of these attacks could seem too little to resort to changing to a wired option.
