Security firm finds unencrypted signals from peripherals.
Marc Newlin and Balint Seeber are checking how far apart they can be while still being able to hack into each other’s computers. It turns out its pretty far – 180 metres – almost the length of two footy fields.
The pair work for Bastille, a startup cyber security company that has uncovered a flaw they say leaves millions of networks and billions of computers vulnerable to attack.
Wireless mice from companies like HP, Lenovo, Amazon and Dell use unencrypted signals to communicate with computers.
“They haven’t encrypted the mouse traffic, that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer. This would be the same as if the attacker was sitting at your computer typing on the computer,” said Newlin, a security researcher at Bastille.
A hacker uses an antenna, a wireless chip called a dongle, both available for the less US$20, and a simple line of code to trick the wireless chip connected to the target computer into accepting it as a mouse.
“So the attacker can send data to the dongle, pretend it’s a mouse but say ‘actually I am a keyboard and please type these letters’,” added Newlin.
“If we sent unencrypted keyboard strokes as if we were a mouse it started typing on the computer, typing at a 1000 words per minute,” said Chris Rouland, the CTO and Founder of Bastille.
At a thousand words a minute, the hacker can take over the computer or gain access to a network within seconds.
Rouland says that while companies are very good at encrypting and securing their networks and websites, they do not compensate for all cyber traffic across the entire radio spectrum. He says it’s time to re-think cyber security, especially in the world where smart phones are capable of transmitting massive amounts of data per second.
“No one was looking at the air space. So I wanted to build this cyber x-ray vision to be able to see what was inside a corporation’s air space versus what was just plugged into the wired network or what was on a Wifi hotspot,” said Rouland.
Bastille is hoping to cash in on its security flaw findings and offer new types of sensors that take into account more of the threats present in a wireless world.
In the meantime, Bastille is keeping tabs on the wireless mouse problem. They say some companies are starting to offer firmware updates to correct the security issues. Bluetooth devices are not vulnerable to this type of attack.