MouseJack: New threat targeting IoT in the office
Cybersecurity company Bastille Networks, Inc. has uncovered a massive vulnerability in wireless mice and keyboards, leaving billions of PCs and millions of networks vulnerable to remote exploitation via radio frequencies.
Launched in 2014, Bastille is pushing Internet of Things (IoT) security with next-generation security sensors and airborne emission detection, allowing corporations to accurately quantify risk and mitigate 21st-century airborne threats. An airborne virus in IoT spreads like the common cold, infecting unsuspecting and unprotected devices connected to vulnerable Wi-Fi connections.
Bastille researchers have named the threat “MouseJack” because it infiltrates systems via the wireless dongles used by wireless mice and keyboards. Once paired, the MouseJack operator can insert keystrokes or malicious code with the full privileges of the PC owner and infiltrate networks to access sensitive data. Because the attack is at the keyboard level, PCs, Macs, and Linux machines using wireless dongles can all be victims.
Brands affected by MouseJack include Logitech, Dell and Lenovo, but most non-Bluetooth wireless dongles are vulnerable.
“MouseJack poses a huge threat, to individuals and enterprises, as virtually any employee using one of these devices can be compromised by a hacker and used as a portal to gain access into an organization’s network,” said Chris Rouland, founder, CTO, Bastille.
“The MouseJack discovery validates our thesis that wireless IoT technology is already being rolled out in enterprises that don’t realize they are using these protocols,” he went on. “As protocols are being developed so quickly, they have not been through sufficient security vetting. The top 10 wearables on the market have already been hacked and we expect millions more commercial and industrial devices are vulnerable to attack as well. MouseJack underscores the need for security across the entire RF spectrum as exploitation of IoT devices via radio frequencies is becoming increasingly popular among the hacker community.”
Marc Newlin, the Bastille engineer responsible for the MouseJack discovery, explains that wireless mice and keyboards are the most common PC accessories today, and MouseJack serves as a door to the host computer. Newlin stated that anyone can fall victim to MouseJack, from individuals to global enterprise users. All an attacker needs is $15 worth of hardware and a few lines of code, and the hacker will be able to insert malware that can expose sensitive information.
Some vendors will be able to offer a firmware update to fix the flaw, but not all dongles were designed to be updatable. If you want to find out if your mouse or keyboard is at risk, you can check the full list of vulnerable wireless mice and keyboards here.
You can also learn more about MouseJack here, and by watching the video below.