UPDATED 13:59 EDT / FEBRUARY 24 2016

MouseJack: New threat targeting IoT in the office

Cybersecurity company Bastille Networks, Inc. has uncovered a massive vulnerability in wireless mice and keyboards, leaving billions of PCs and millions of networks vulnerable to remote exploitation via radio frequencies.

Launched in 2014, Bastille is pushing Internet of Things (IoT) security with next-generation security sensors and airborne emission detection, allowing corporations to accurately quantify risk and mitigate 21st century airborne threats. An airborne virus in IoT spreads like the common cold, infecting unsuspecting and unprotected devices connected to vulnerable Wi-Fi connections. 

Bastille researchers have identified the threat as “MouseJack” as it infiltrates systems via wireless dongles used by wireless mice and keyboards. Once paired, the MouseJack operator can insert keystrokes or malicious code with the full privileges of the PC owner and infiltrate networks to access sensitive data. The attack is at the keyboard level, therefore PC’s, Macs, and Linux machines using wireless dongles can all be victims.

Brands affected by MouseJack include Logitech, Dell and Lenovo, but most non-Bluetooth wireless dongles are vulnerable.

“MouseJack poses a huge threat, to individuals and enterprises, as virtually any employee using one of these devices can be compromised by a hacker and used as a portal to gain access into an organization’s network,” said Chris Rouland, founder, CTO, Bastille.

“The MouseJack discovery validates our thesis that wireless IoT technology is already being rolled out in enterprises that don’t realize they are using these protocols,” he went on. “As protocols are being developed so quickly, they have not been through sufficient security vetting. The top 10 wearables on the market have already been hacked and we expect millions more commercial and industrial devices are vulnerable to attack as well. MouseJack underscores the need for security across the entire RF spectrum as exploitation of IoT devices via radio frequencies is becoming increasingly popular among the hacker community.”

Marc Newlin, Bastille’s engineer responsible for the MouseJack discovery, explains that wireless mice and keyboards are the most common PC accessories today, and MouseJack serves as a door to the host computer. Newlin stated that anyone can fall victim to MouseJack, from individuals or global enterprise users. All an attacker needs is a $15-worth of hardware and a few lines of code, and the hacker will be able to insert malware that can expose sensitive information.

Some vendors will be able to offer firmware update to fix the flaw, but not all dongles were designed to be updatable. If you want to find out if your mouse or keyboard is at risk, you can check the full list of vulnerable wireless mice and keyboards here.

You can also learn more about MouseJack here, and by watching the video below.

MouseJack from Bastille on Vimeo.

Photo by PaulM (Pixabay)

A message from John Furrier, co-founder of SiliconANGLE:

Support our open free content by sharing and engaging with our content and community.

Join theCUBE Alumni Trust Network

Where Technology Leaders Connect, Share Intelligence & Create Opportunities

11.4k+  
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+ 
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.

SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .

Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.