Anything connected to the internet can be hacked. This is not the motto of a cybersecurity company but a sad reality. You might already know about phishing emails, malware, and Mirai in your IoT devices, and may already have taken every precaution for your home WiFi router, but that’s not all!
We always say that you should stay alert, and we hope you are, because today we’re going to talk about mice (computer mice, that is) and keyboards.
For a pentester, exploiting wireless peripherals is one of the most exciting and giggle-inducing attacks. Any wireless mouse or keyboard is a severe security hole in the PC no matter what OS you have: data is transmitted with no encryption, or only very simple encryption. Why? The explanation is simple: the processor in the keyboard is not capable of much, and no one encrypts mouse data at all.
So it turns out that a hacker can “remotely” connect to a computer and run any program on it (some, however, will have to be “typed” in a notebook) or click on any malware that was sent in advance. Also, through the “Settings” of the keyboard, one can get data from the computer even if there is no connection to the internet.
Nervous? Let’s explore the history and then figure out what we can do.
History of Mousejacking And Malicious Keystrokes
Mouse + hijacking = mousejacking.
Mousejacking is an evil technique in which a hacker “hijacks”, or gains control over, the vast majority of wireless, non-Bluetooth keyboards and mice.
The world first heard about the vulnerability in 2014, when researchers at SR Labs, a data protection research company, found that a flaw in the USB protocol allowed attackers to change the firmware of devices connected to the PC and insert malicious modules into it.
At the same time, the usual antivirus wasn’t able to detect “a bug” and other hacker tricks, since it checked only the contents of the disk, flash drive or RAM, without scanning the internal programs of keyboards, mice, and other common USB devices.
Thus, if desired, attackers could embed code that was almost impossible to detect in virtually any device connected to the PC. Karsten Nohl and Jakob Lell confirmed their hypothesis by creating a malicious application called BadUSB that spread via USB gadgets. With the help of the firmware, they changed files on the computer, redirected internet traffic, and performed other actions without the owner of the computer noticing. The program could also infect computers, and from there other USB devices. Karsten Nohl and Jakob Lell presented their discovery at Black Hat the same year.
The technique gained more notoriety in early 2016 when Bastille, a security company specializing in wireless and Internet of Things (IoT) threat detection, issued a whitepaper describing the vulnerability. The attack involved exploiting vulnerable 2.4 GHz input devices by injecting malicious keystrokes into the associated USB dongle. This was made possible as keyboards and mice didn’t have encryption.
The vulnerability was called KeySniffer. All the keystrokes were eavesdropped on and later recorded by hackers. It means that whenever a victim accessed their bank account or cryptocurrency wallet, for instance, a hacker hijacked the transmission of sensitive data with the help of rather cheap equipment (for example, Crazyradio PA for $30).
In addition to eavesdropping, an attacker could inject their malicious keystroke commands to install malware and exfiltrate data.
In 2017, cybersecurity experts discovered a new virus that infected a computer when the mouse cursor simply hovered over a link. The download of malware began when a user hovered the mouse over a hyperlink in a PowerPoint file. The harmful element was activated, which led to the c.php file being downloaded to the computer from the ccn.nl domain. After the user’s computer was infected with the Trojan Zusy virus, it transferred all data about the victim’s bank account to third parties. This technique was used in a spam campaign aimed at financial companies.
What Devices Are Vulnerable?
The research team of Bastille found that eight of the twelve manufacturers of keyboards they tested had this vulnerability. Notably, most of the keyboards were made by HP; and although the sample number isn’t large, certain conclusions can already be made. The researchers also found that vulnerable keyboards could not be fixed or updated, and the only fix for the keyboard is to stop using it. KeySniffer is the most well-known vulnerability (if not the only one) that a keyboard is susceptible to, and the fact that manufacturers produce the keyboards disregarding the problem is really worrying.
Moreover, there are issues with Microsoft and Logitech products. Vulnerable Microsoft products include (reportedly not limited to):
- Sculpt Ergonomic Mouse
- Wireless Mobile Mouse 4000
- Wireless Mouse 5000
The Logitech devices that leverage the “Unifying” dongle are likely to be affected as well. The dongle is identifiable by an orange star printed on the hardware.
How To Protect My Device?
Okay, to be serious: to protect yourself, you need to switch from wireless devices to wired ones or migrate to Bluetooth.
Although Microsoft and Logitech released security advisories, experts claim that the patches don’t eliminate the issues effectively and there is still a chance that a device can be hijacked.
You can review the Microsoft Security Advisory released in April 2016. The optional update adds additional robust filtering at the dongle, so that rogue keystrokes are detected and discarded. Nevertheless, some devices remain vulnerable even after the patch is applied.
Logitech requires users to apply a firmware update manually. It’s a multi-step procedure that is rather difficult for less technical end users. Besides, IT departments will have to struggle with a massive manual update across the entire company.
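Before a company-wide manual update like the one described above, IT first needs to know which machines have such receivers plugged in. The sketch below is an added example, not part of the original article: it parses Linux `lsusb` output collected per host, and the host names, sample lines and the keyword heuristic for spotting a receiver are assumptions.

```python
import re

# USB vendor IDs: 046d = Logitech, 045e = Microsoft.
# The actions paraphrase the remediation advice given in this article.
VENDOR_ACTIONS = {
    "046d": ("Logitech", "apply the receiver firmware update manually"),
    "045e": ("Microsoft", "install the optional update from the April 2016 advisory"),
}
# Assumption: these words in the description mark a wireless dongle,
# as opposed to a wired device from the same vendor.
RECEIVER_WORDS = re.compile(r"receiver|transceiver|dongle", re.I)
LSUSB_LINE = re.compile(
    r"^Bus \d{3} Device \d{3}: ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)$", re.I)

def find_receivers(lsusb_output):
    """Return Logitech/Microsoft wireless receivers listed in one host's lsusb text."""
    findings = []
    for line in lsusb_output.splitlines():
        m = LSUSB_LINE.match(line.strip())
        if not m:
            continue  # blank or unparseable line
        vid, pid, desc = m.group(1).lower(), m.group(2).lower(), m.group(3)
        if vid in VENDOR_ACTIONS and RECEIVER_WORDS.search(desc):
            vendor, action = VENDOR_ACTIONS[vid]
            findings.append({"usb_id": f"{vid}:{pid}", "vendor": vendor,
                             "description": desc, "action": action})
    return findings

def fleet_report(hosts):
    """Map hostname -> findings, leaving out hosts with nothing to review."""
    scanned = ((host, find_receivers(text)) for host, text in hosts.items())
    return {host: found for host, found in scanned if found}

# Constructed sample inventory (hypothetical hosts, illustrative lsusb lines).
SAMPLE_FLEET = {
    "ws-01": "Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub\n"
             "Bus 001 Device 004: ID 046d:c52b Logitech, Inc. Unifying Receiver\n",
    "ws-02": "Bus 001 Device 005: ID 045e:07a5 Microsoft Corp. Wireless Receiver 1461C\n",
    "ws-03": "Bus 001 Device 003: ID 046d:0825 Logitech, Inc. Webcam C270\n",
}

if __name__ == "__main__":
    for host, items in fleet_report(SAMPLE_FLEET).items():
        for item in items:
            print(f"{host}: {item['usb_id']} {item['description']} -> {item['action']}")
```

A match only means the receiver should be reviewed; it does not confirm that the device is vulnerable or unpatched.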
Anything connected to the internet can be hacked. Anything you post on the internet can be used against you. We’re living in the 21st century and technologies have already enslaved our minds. For better or for worse — no idea. However, as a user, you need to be alert and knowledge-zesty, always.
At ROKKEX, we take security extremely seriously and our crypto exchange is built on ‘Security First’ principle. We want to share our expertise with the broader public for the world to become happy, safe, and wise.
If you have any ideas and suggestions, contact us at