Sign In

Communications of the ACM

ACM TechNews

Flaws in Wireless Mice and Keyboards Let Hackers Type on Your Pc


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Security researcher Marc Newlin, with wireless peripherals he found vulnerable to a radio keystroke injection attack.

Researchers at Bastille found wireless keyboards and mice from seven companies can be hijacked.

Credit: Bastille

Bastille researchers warn of a new hacking technique in which malefactors armed with antennas can hijack wireless keyboards and mice from seven companies, even when the peripherals are designed to encrypt and authenticate communications with a matched computer.

"With about 15 lines of code, you can take over a computer more than a hundred yards away," says Bastille CEO Chris Rouland. He and fellow researcher Marc Newlin used an inexpensive USB radio dongle ported to a laptop running their exploit code to pair with victim devices.

Rouland notes the hack, which impacts devices using a proprietary radio protocol instead of Wi-Fi or Bluetooth, can compromise even airgapped PCs if someone has plugged in a wireless keyboard dongle.

Bastille's "mousejacking" method exploits multiple vulnerabilities in the firmware of wireless devices that use radio communications chips sold by Nordic Semiconductor. The chips require vendors to write their own firmware to deploy encryption and secure the link between computers and peripherals. The failure of many affected firms to do so enables the dongles that receive those communications to accept keystrokes from another device using the same radio protocol.

Rouland and Newlin estimate the number of susceptible devices exceeds 1 billion.

From Wired
View Full Article

 

Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA


 

No entries found