Hacking Into A Computer Without Internet – Hijacking Wireless Mouse or Keyboard

hack-computer-via-wireless-mouse-keyboard - picateshackz.com

No matter how secure you think your computer might be, something malicious can always happen. As a Computer is an open book with right tools and talent.

The same is proved by a group of security researchers by hacking into a computer with no internet, and no Bluetooth devices.

Yes, it is possible for attackers to Hack Your Computer through non-Bluetooth devices such as your wireless mouse and keyboard and install Malware or Rootkit onto your machine.

That innocent-looking tiny dongle plugged into your USB port to transmit data between your wireless mouse, and the computer is not as innocent as it pretends to be.


What’s the Vulnerability?

Security researchers from the Internet of things security firm Bastille have warned that wireless keyboards and mice from seven popular manufacturers including Logitech, Dell, Microsoft, HP and Lenovo are…

…vulnerable to so-called MouseJack attacks, leaving Billions of computers vulnerable to hackers.

The flaw actually resides in the way these wireless mice and their corresponding radio receivers handle encryption.

The connection between the tiny dongle and the mouse is not encrypted; thus, the dongle would accept any seemingly valid command.


How to Hijack Wireless Mouse and Hack Computer?

Wireless mice and keyboards communicate via radio frequency with a USB dongle inserted into the PC. The dongle then sends packets to the PC, so it follows the mouse clicks or keyboard types.

While most wireless keyboard manufacturers encrypt traffic between the keyboard and the dongle in an effort to prevent spoofing or hijacking of the device.

However, the mice tested by Bastille did not encrypt their communications to the dongle, allowing an attacker to spoof a mouse and install malware on victim’s PC.

With the use of around $15-$30 long-range radio dongle and a few lines of code, the attack could allow a malicious hacker within 100 meters range of your computer to intercept the radio signal between the dongle plugged into your computer and your mouse.

The hacker can, therefore, send packets that generate keystrokes instead of mouse clicks, allowing the hacker to direct your computer to a malicious server or website in mere seconds.

During their tests, researchers were able to generate 1000 words/minute over the wireless connection and install a malicious Rootkit in about 10 seconds. They tested several mice from Logitech, Lenovo, and Dell that operate over 2.4GHz wireless communications.



Recommended Articles To Become Hacker:

 


Video Demonstration of MouseJack Attack

Who are Affected?

The following is the list of the wireless keyboard and mouse manufacturers whose non-Bluetooth wireless devices are affected by the MouseJack flaws:

    • Logitech
  • Dell
  • HP
  • Lenovo
  • Microsoft
  • Gigabyte
  • AmazonBasics
Billions of PC users with wireless dongles from any of the above manufacturers are at risk of MouseJack flaw. Even Apple Macintosh and Linux machine users also could be vulnerable to the attack.

These mice are separate from Bluetooth mice that are not affected by this security issue.


Many Wireless Devices will Never Receive any Patch

The researchers have already reported the security issue to all the seven manufacturers, but as of today, only Logitech has released a firmware update that blocks MouseJack attacks.

However, there are a wide number of cheaper mice that don’t have updatable firmware, due to which all of them will remain vulnerable forever, which could be a major issue in business environments where peripherals are often utilized for several years before being replaced.

Although Lenovo, HP, Amazon, and Gigabyte did not comment, a Dell spokesperson advised the users of the KM714 keyboard and mouse combo to get the Logitech firmware patch via Dell Tech Support and the KM632 Combo users to replace their devices.

Here’s the list of affected devices, so if you are using one of them, it might be time to check for updates, and if not available, replace your existing peripheral.

For more in-depth knowledge, you can refer this white paper explaining technical details.

 

You may also like...

2 Responses

  1. Well that's cool, but where can I find the software and some tutorial?

  2. Anonymous says:

    We are a professional hacking group and we have come with wonderful bank transfer services. We combine a lot of tools coupled with over 15 years of experience in this field to present you with this services. We make use of powerful Zeus botnets and advanced phishing and bulk mailing platform to gain access to bank login and database.
    Bank transfers are now available to the following countries:
    USA
    UK
    EU
    Canada
    Australia
    Russia
    Netherlands
    China
    Malaysia
    Value of Transfers:
    We transfer $2,000 – $10,000 per transfer to Personal accounts (Checking accounts, Savings accounts, Current accounts, Standard accounts). Transfers over $10,000 are available to Business or Corporate accounts only. If you require transfers over $10,000 you should contact us, the fee is not stated here but it’s negotiable.
    Transfer Clearing Time:
    Same day service to UK/USA/EU/Canada/Australia – 1 to 2 business day service to Russia/Dubai/Singapore.
    Fee:
    $2000 – $4000: $450
    $5000 – $7000: $750
    $8000 – $10000: $1050
    How to Order This Services
    To order for our bank transfer services, you can contact us here: westernunionhackers2011@gmail.com. We transfer to all US banks and virtually all banks in the world expect few.

Close