A cybersecurity company called Bastille, from San Francisco has been doing some experimenting with hacking wireless mice and uncovered a flaw they say leaves millions of networks and billions of computers vulnerable to attack. It turns out that wireless mice from companies like HP, Lenovo, Amazon and Dell use unencrypted signals to communicate with computers.
Marc Newlin from Bastille commented: “They haven’t encrypted the mouse traffic, that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer. This would be the same as if the attacker was sitting at your computer typing on the computer.”
To hack a computer via a wireless mouse, all that’s needed is an antenna, a wireless chip called a dongle and a line of code to trick the wireless chip connected to the target computer into accepting it as a mouse.
“So the attacker can send data to the dongle, pretend it’s a mouse but say ‘actually I am a keyboard and please type these letters’,” added Newlin. The hacker can take over the computer or gain access to a network within seconds from as far as 180 meters.
This warning clearly demonstrates how pretty much any controlling technology can be abused for activities it was not intended for and how many aspects cybersecurity has to cover. Remember “hacking cars” we wrote about a while ago?