Bastille researchers warn of a new hacking technique in which malefactors armed with antennas can hijack wireless keyboards and mice from seven companies, even when the peripherals are designed to encrypt and authenticate communications with a matched computer.
"With about 15 lines of code, you can take over a computer more than a hundred yards away," says Bastille CEO Chris Rouland. He and fellow researcher Marc Newlin used an inexpensive USB radio dongle ported to a laptop running their exploit code to pair with victim devices.
Rouland notes the hack, which impacts devices using a proprietary radio protocol instead of Wi-Fi or Bluetooth, can compromise even airgapped PCs if someone has plugged in a wireless keyboard dongle.
Bastille's "mousejacking" method exploits multiple vulnerabilities in the firmware of wireless devices that use radio communications chips sold by Nordic Semiconductor. The chips require vendors to write their own firmware to deploy encryption and secure the link between computers and peripherals. The failure of many affected firms to do so enables the dongles that receive those communications to accept keystrokes from another device using the same radio protocol.
Rouland and Newlin estimate the number of susceptible devices exceeds 1 billion.
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found