Vulnerability "MouseJack" to be hijacked via wireless mouse and keyboard is reported

Because the cable inevitably tends to crawl around the PC absolutely, I think that some people say that the mouse and keyboard are made wireless, so that some people make it a clean working environment, but it is possible to take over wireless mice and keyboards of multiple manufacturers It is reported that there is a vulnerability.

MouseJack Technical Details | Bastille Networks Internet Security

How Hackable Is Your Wireless Keyboard and Mouse?

Widespread Flaw Could Allow Hackers To Hijack Your Wireless Mouse Or Keyboard - Consumerist

I revealed the vulnerabilityIoTAccording to security company Bastille, this exists in a receiver (USB dongle) attached to the PC side of a wireless mouse or keyboard using the 2.4 GHz band radio, and it affects any OS of Windows, OS X, Linux To do.

Only 15 dollars (about 1700 yen) of USB dongle and a few lines of code are needed to investigate the vulnerability. By approaching within 100 meters of the target computer, an attacker can execute arbitrary commands on the target machine.

The image image of the crime by MouseJack is also made.

MouseJack - YouTube

It was the Eve of the hacker that appeared.

I found a target at a coffee shop and set up an apology device on my PC.

Before that gaze ... ...

An old man working on a laptop. This person is the target.

The uncle set the receiver written "Lo ......" to the USB port of the notebook PC and use the wireless mouse.

However, I got a phone call and diverted my eyes from the PC. An opportunity has arrived for Eve.

The time taken for hacking is slight. As if there was the original owner in front of the PC ......

Hackers have full access to their PC.

In the second case, the hacker's chuck is about 30 m away from the target PC.

Just as I was working, the man was about to leave my coffee.

Because this PC also used a wireless mouse, I allowed a hacker invasion via a USB dongle. While not seeingRoot kitEven if you come back to the PC, you may be liked by a hacker in a background you do not notice ... ....

Although Bastille has published a list of devices affected by vulnerabilities, Amazon, Dell, Gigabyte, HP, Lenovo, and Logitech (as it is said to be a vulnerability that exists mostly in non-Bluetooth connected dongles) Logitech) - Microsoft and a wide range of manufacturers are included.

MouseJack Affected Devices | Bastille Networks Internet Security

Lenovo and Logitech will publish firmware updates, other makers should announce measures in order, but in the meantime it may be better to avoid using wireless keyboard and mouse for the foreseeable future.

in Hardware,   Video,   Security, Posted by logc_nt