Hackers Can Take Over Computers Through Wireless Keyboards and Mice to Install Malware

If there is ever a way for hackers to take over a computer and flood it with malware, it will be found, and there isn't much we can do to prevent it from happening.

In the latest surprising discovery of attack methods hackers are using, the security firm Bastille uncovered ways in which wireless keyboards and mice can be used to take control of a victim's computer. Moreover, once control of a victim's computer is gained, attackers can then load malware onto the vulnerable system the carry out a plethora of malicious actions.

The attack is being dubbed as "MouseJack," a flaw found in wireless keyboards and mice that talk to a dongle through a wireless frequency. Shockingly, the news of attackers exploiting wireless peripherals is nothing new under the sun. In fact, wireless I/O devices have long been targets that vendors know how communications of their devices between the computer and a wireless peripheral would be compromised. In recognizing the threat, vendors have used encryption for communications with their wireless devices to computers.

Where the vulnerability lies, discovered by researchers at Bastille, USB dongles do not create unique pairings leaving the wireless transmission of data open to attackers who have similar devices that could pair with the victim's dongle. While USB dongles may still utilize encryption, some devices do not enforce their policy of declining unencrypted commands from other wireless keyboards and mice.

Fundamentally, attackers could take control of a computer's mouse movements and keyboard inputs manually or through automated attacks. During the time that attackers gain access to the wireless devices, the computer paired to the devices could then be taken over through mouse and keyboard inputs and then allow malicious software to be installed that could later be instructed to carry out deceitful actions on the Internet.

While the theory of taking over a computer through wireless keyboards and mice is certainly plausible, there have not been enough documented instances in the wild to vilify a major concern. However, manufacturers of wireless keyboards and mice, such as Dell, Lenovo, Logitech, Microsoft, and many others, are taking note of the viable threat. So far, we know Logitech to be one of the few who have implanted and fix through a firmware update to protect their product dongles against such attacks.

Currently, attackers can exploit the vulnerability within USB wireless keyboards and mice through the use of a dongle from a distance of up to 100 meters. In the vicinity of those 330 feet or so, attackers armed with the right equipment and matching wireless keyboards and mice can technically hack their way to gain access to a connected computer.

Just think: you have taken the recommended precautionary measures to safeguard your wireless network while surfing the Internet at your local coffee shop. Then you use your wireless mouse to navigate your screen while a hacker a few tables down takes over the operation of your mouse and loads up a malicious application that gathers your personal data. Not only are you in for a surprise, but you could be vulnerable to identity theft or other serious issues.

The video below is from the Bastille research team demonstrating what exactly takes place during a MouseJack situation.

What security experts and researchers are recommending for users of wireless keyboards and mice, is that they ensure their software and firmware on their computer and devices is updated to the latest available version. If at any time the manufacturer of wireless peripheral devices patches the wireless vulnerability, you will be in a position to have it installed to prevent any future attacks. It's always better to be safe than sorry, as they say.