How to Hack a Computer from 100 Meter via its Wireless keyboard or mouse
No matter how secure you think your computer might be, something malicious can always happen. As a Computer is an open book with right tools and talent.
The same is proved by a group of security researchers by hacking into a computer with no internet, and no Bluetooth devices.
Yes, it is possible for attackers to Hack Your Computer through non-Bluetooth devices such as your wireless mouse and keyboard and install Malware or Rootkit onto your machine.
That innocent-looking tiny dongle plugged into your USB port to transmit data between your wireless mouse, and the computer is not as innocent as it pretends to be.
What is MouseJack?
MouseJack is a class of vulnerabilities that affects the vast majority of wireless, non-Bluetooth keyboards and mice. These peripherals are ‘connected’ to a host computer using a radio transceiver, commonly a small USB dongle. Since the connection is wireless, and mouse movements and keystrokes are sent over the air, it is possible to compromise a victim’s computer by transmitting specially-crafted radio signals using a device which costs as little as $15.
An attacker can launch the attack from up to 100 meters away. The attacker is able to take control of the target computer, without physically being in front of it, and type arbitrary text or send scripted commands. It is therefore possible to perform rapidly malicious activities without being detected. Source: Mousejack.com
Video Demonstration of MouseJack Attack
Who are Affected?
The following is the list of the wireless keyboard and mouse manufacturers whose non-Bluetooth wireless devices are affected by the MouseJack flaws:
Many Wireless Devices will Never Receive any Patch
The researchers have already reported the security issue to all the seven manufacturers, but as of today, only Logitech has released a firmware update that blocks MouseJack attacks.
However, there are a wide number of cheaper mice that don’t have updatable firmware, due to which all of them will remain vulnerable forever, which could be a major issue in business environments where peripherals are often utilized for several years before being replaced.
Although Lenovo, HP, Amazon, and Gigabyte did not comment, a Dell spokesperson advised the users of the KM714 keyboard and mouse combo to get the Logitech firmware patch via Dell Tech Support and the KM632 Combo users to replace their devices.
Here’s the list of affected devices, so if you are using one of them, it might be time to check for updates, and if not available, replace your existing peripheral.
For more in-depth knowledge, you can refer this white paper explaining technical details.