Cyber spying through wireless keyboards and mice. “MouseJack” attack.
Wireless mice and keyboards are becoming increasingly popular, with wired technologies taking a back seat. The Internet has been provided “over the air” for quite a long time engendering wireless chargers for gadgets.
However, if almost every user is aware of the threat of having his Wi-Fi data hijacked, as well as that of a VPN being a secure protection tool (not against interception or metadata collection, only from decryption of intercepted data), if there is nothing to intercept between a device that is being charged and wireless charger, your wireless mouse, keyboard and computer constantly exchange information, and this information can be easily intercepted.
For a long time the dangers of cordless mice and keyboards weren’t obvious until in 2016 the threat research team at Bastille Network found that millions of devices can be affected by a new class of vulnerabilities.
The attack was dubbed “MouseJack”. A website listing all affected devices is available for you to check your devices for the vulnerability. Later a Russian company Positive Technologies successfully compromised the keyboards and mice by Logitech, A4Tech and Microsoft.
The problem with these devices was that they proved to be unsafe because no one actually approached the development of mice and keyboards with security as a top priority in mind. Ease of use, affordability, battery life are the primary concerns of any developer, so why bother about security for a mouse?
In an ideal world, a device must have a reliable authentication system so that your keyboard connects only to the radio transceiver of your computer. Likewise, your transceiver shouldn’t interact with outside devices that may belong to an attacker. The transmission of data between a device and computer must be securely encrypted. Unfortunately, the neglect of security requirements perpetuated by developers enabled MouseJack attack.
Interview widget: Do you use a wireless mouse or keyboard?
The potential damage of MouseJack and other attacks on wireless mice and keyboards
An attack may lead to disastrous consequences. Suppose, you are going to make an important presentation, and your mouse and keyboard suddenly stop responding. It would be extremely difficult to identify the reason for the problem and, of course, the source of the attack since an attacker might be sitting in his car in a parking lot of a shopping mall.
A more complex attack would entail interception and decryption of data if it is encrypted or if its encryption is not secure enough. If this kind of attack is successful, a malicious intruder can access your passwords and other confidential information you will enter using your wireless keyboard. This attack will allow him to get the texts you type – emails, correspondence in instant messaging services and social networks even if they are strongly encrypted.
Protection from MouseJack and other attacks on wireless mice and keyboards
Using wired devices is the most efficient way to protect yourself. If you have a wireless device, check if it is on the list of affected devices available at mousejack.com. However, don’t overestimate the information on this website. First, it may have already become outdated, and developers have updated the security of their devices, second, it is possible that your device wasn’t examined and therefore it is absent in the database.
If you buy a wireless keyboard, choose solutions using Bluetooth. The connectivity type should be Bluetooth, not a radio channel, the connection interface – Bluetooth, not USB. Bluetooth is much more difficult to dampen than a radio channel, so this is a sound step to protect yourself against destructive attacks.
Use remote keyboards and mice running through Bluetooth interface, not radio signals.
Make sure to check if the device you want to purchase supports encryption for data transmission. It is especially important when it comes to wireless keyboards. If you already use a wireless device, check if your model has encryption from the developer. 128-Bit AES is the most suitable encryption algorithm that offers a fast and secure performance. Here is an example of Microsoft keyboards with AES encryption.
Before purchasing a wireless device, learn if it offers encryption.