Wireless mice outed as 'security' loophole

Source: http://www.bbc.com/news/technology-35890902

Hackers could gain access to home and corporate networks via security flaws in wireless mice, suggests research.

Weaknesses in the way mice swapped data with computers left them vulnerable, said security firm Bastille Networks.

Attackers could spoof poorly protected signals letting them use PCs as if they were sitting in front of them, it said.

Information about the loopholes have been passed to the makers of vulnerable mice, some of who are creating updates to make the mice more secure.
No updates

The radio signals sent by many wireless mice to a "dongle" plugged in to a computer were often unencrypted, said Marc Newlin and Balint Seeber, from Bastille, who carried out the research.

"That makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer," Mr Newlin said.

By contrast, they said, signals sent by wireless keyboards were scrambled to stop attackers eavesdropping on or spoofing them.

The pair found they could spoof signals for mice using a few lines of code and an antenna and dongle that cost $20 (£15).

The attack worked at distances of up to 180m (590ft).

Using this kit, they sent specially crafted mouse clicks that a computer interpreted as key presses, letting them run commands and take control of a target machine.

The Bastille researchers said many companies spent a lot of time and money securing the physical devices sitting on their networks but often neglected to keep an eye on data sent via radio.

Wireless mice produced by HP, Lenovo, Amazon and Dell were found to be vulnerable.

Bastille said it had reported its findings to the hardware makers and to the company that made the chipset used inside the spoofable mice.

Updates to the internal computer code, or firmware, for some of the vulnerable mice are now being made available,

But Bastille said many of the insecure mice it had found could not be updated.

令我回想起呢條 thread, 真係 ROFL
https://forums-lb.gentoo.org/vie ... 01f9f4c513a0daa9860

TOP

睇唔明by contrast... wireless keyboard嗰段。
不過cap低wireless keyboard d信號,當hardware版keylog咁用係咪有得諗?
咁密碼嗰d嘢咪好易拎到?

via HKEPC Reader for Android

TOP

但係大多已經轉用藍牙了

TOP

舊時用 crt 嗰時, 有人話要用鐵絲網, 罩住個 mon

TOP

不用keyboard locker記下密碼,capture無線訊號就可以

TOP