Wireless mice and keyboards are prime for hacking, with a “massive vulnerability” leaving “billions” of devices at risk, according to a new report.
US cybersecurity company Bastille claims to have found the issue, calling it MouseJack, which sounds pretty cool, with the company saying the vulnerability is massive.
Manufacturers like Logitech, Dell and Lenovo are namechecked as those affected by the issue, but most non-Bluetooth wireless dongles are vulnerable.
Basically, hackers can take over a computer through a flaw in the dongles. Once paired, the MouseJack operator can insert keystrokes or malicious code with the full privileges of the PC owner and infiltrate networks to access sensitive data.
The attack is at the keyboard level, therefore, PCs, Macs, and Linux machines using wireless dongles can all be victims.
“MouseJack poses a huge threat, to individuals and enterprises, as virtually any employee using one of these devices can be compromised by a hacker and used as a portal to gain access into an organisation’s network,” said Chris Rouland, founder and CTO of Bastille.
MouseJack, an IoT nightmare
Take a step back from the millions of laptops around the world, and think of where we’re all going. An IoT world means tonnes more interconnected devices, tonnes more wireless interconnected devices. So, if what Bastille found is as bad as it says, we could be in a bit of bother.
“The MouseJack discovery validates our thesis that wireless IoT technology is already being rolled out in enterprises that don’t realise they are using these protocols,” said Rouland.
“As protocols are being developed so quickly, they have not been through sufficient security vetting.”
Bastille says the top 10 wearables on the market have already been hacked, an ominous sign for those operating below that threshold.
What’s worrying is the large amount of wireless mice and keyboards that can’t be updated, thus rendering any hope of a patch useless.
“Consumers will need to check with their vendor to determine if a fix is available or consider replacing their existing mouse with a secure one,” said the company, with www.mousejack.com set up to help with this.
Here’s an ominous, yet enjoyable, video by the security company, to explain all.