Wireless mice leave billions at risk of computer hack

Wireless mice leave billions at risk of computer hack

wireless_mouse

Security firm finds unencrypted signals from peripherals.

Marc Newlin and Balint Seeber are checking how far apart they can be while still being able to hack into each other’s computers. It turns out its pretty far – 180 metres – almost the length of two footy fields.

The pair work for Bastille, a startup cyber security company that has uncovered a flaw they say leaves millions of networks and billions of computers vulnerable to attack.

Wireless mice from companies like HP, Lenovo, Amazon and Dell use unencrypted signals to communicate with computers.

“They haven’t encrypted the mouse traffic, that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer. This would be the same as if the attacker was sitting at your computer typing on the computer,” said Newlin, a security researcher at Bastille.

A hacker uses an antenna, a wireless chip called a dongle, both available for the less US$20, and a simple line of code to trick the wireless chip connected to the target computer into accepting it as a mouse.

“So the attacker can send data to the dongle, pretend it’s a mouse but say ‘actually I am a keyboard and please type these letters’,” added Newlin.

“If we sent unencrypted keyboard strokes as if we were a mouse it started typing on the computer, typing at a 1000 words per minute,” said Chris Rouland, the CTO and Founder of Bastille.

At a thousand words a minute, the hacker can take over the computer or gain access to a network within seconds.

Rouland says that while companies are very good at encrypting and securing their networks and websites, they do not compensate for all cyber traffic across the entire radio spectrum. He says it’s time to re-think cyber security, especially in the world where smart phones are capable of transmitting massive amounts of data per second.

“No one was looking at the air space. So I wanted to build this cyber x-ray vision to be able to see what was inside a corporation’s air space versus what was just plugged into the wired network or what was on a Wifi hotspot,” said Rouland.

Bastille is hoping to cash in on its security flaw findings and offer new types of sensors that take into account more of the threats present in a wireless world.

In the meantime, Bastille is keeping tabs on the wireless mouse problem. They say some companies are starting to offer firmware updates to correct the security issues. Bluetooth devices are not vulnerable to this type of attack.

 

[CRN Tech]

April 30, 2016 / by / in , , , , , , , , ,

Leave a Reply

Show Buttons
Hide Buttons

IMPORTANT MESSAGE: Scooblrinc.com is a website owned and operated by Scooblr, Inc. By accessing this website and any pages thereof, you agree to be bound by the Terms of Use and Privacy Policy, as amended from time to time. Scooblr, Inc. does not verify or assure that information provided by any company offering services is accurate or complete or that the valuation is appropriate. Neither Scooblr nor any of its directors, officers, employees, representatives, affiliates or agents shall have any liability whatsoever arising, for any error or incompleteness of fact or opinion in, or lack of care in the preparation or publication, of the materials posted on this website. Scooblr does not give advice, provide analysis or recommendations regarding any offering, service posted on the website. The information on this website does not constitute an offer of, or the solicitation of an offer to buy or subscribe for, any services to any person in any jurisdiction to whom or in which such offer or solicitation is unlawful.