Amateur Radio Parity Act

Hackers could “mousejack” your computer

If you use a wireless mouse (not Bluetooth), you need to be aware of this:

If you use a wireless mouse with your computer, beware: You could be at risk of getting “mousejacked.” That’s the term being used to describe a recently discovered security flaw that could allow hackers to exploit a wireless mouse to access anything on the computer.

The security firm Bastille, which discovered the problem, says a hacker would just need a $15 antenna and a few lines of malicious computer code.

As CNET explains:

What Bastille security researcher Marc Newlin discovered was this. If you can send out a wireless signal that pretends to be a wireless mouse, most wireless USB dongles will happily latch onto it — no questions asked. Then, you can have that fake wireless mouse pretend to be a wireless keyboard — and start controlling someone else’s computer.

“If you have a wireless mouse I can attach and impersonate a wireless keyboard and arbitrarily send it any commands I want to your computer,” said Bastille founder Chris Rouland as he demonstrated the hack. Once hackers get in, “They can do anything to your computer that you could as if you were sitting at it,” he said.

But the hackers would have to be within 200 meters (about 656 feet) of the targeted mouse and computer in order to pull it off, offering users some degree of protection at home or the office. Users who connect to a wireless mouse in a public area like a coffee shop or airport are more likely to be at risk from a hacker lurking in the crowd.

The problem could potentially affect millions of wireless mice that are connected via USB dongles. It does not affect devices that connect via Bluetooth.

The problem could potentially affect millions of wireless mice that are connected via USB dongles. It does not affect devices that connect via Bluetooth.

0224scitechmousejack1.jpg
The “mousejack” vulnerability affects a ‘wireless mouse’ that connecst via a USB dongle like this one.

Bastille says it discovered the flaw in November and notified companies that make wireless mice and keyboards so that they could patch it. (For users with Logitech Unifying receivers, Logitech is already providing a patch, available here: RQR_012_005_00028.exe.)

Logitech released a statement downplaying concern about the risk: “The vulnerability would be complex to replicate and would require physical proximity to the target. It is therefore a difficult and unlikely path of attack.”

Consumers with other brands of wireless mice should check with the makers about a patch or replacement.”In the case of Microsoft, Amazon, Dell, HP and Gigabyte users, they may need to purchase new devices. They can switch to wired devices,” Rouland said.

(Original story source:  cbsnews.com)

/Op-Ed

  1.  The above link to a patch is for Windows users only.
  2. I own too many Microsoft mobile wireless mice to replace them all. Okay, yes I’m very security conscious. As an alternative, I have just ordered an inexpensive Bluetooth mouse from Amazon:  http://amzn.to/1QdXiP7. Will review it here once I install it and give it a test drive… As a side note, freeing up a USB port/not having to use a dongle is always a good idea so I’m hoping this inexpensive Bluetooth mouse will be a good solution — stay tuned.*

*After using my new Optimal House Bluetooth mouse for a few days, I cheerfully put my stamp of approval on it. I have found it to be reliable and I really like its feel. Here are my suggestions to getting it up and running quickly:

  • Forget the owner’s manual. It’s more than confusing and English was not the writer’s first language (probably not his second either).
  • Turn on the mouse and turn off the blue racing lights:  on the bottom of the mouse is a three-position slide switch. Use it to turn the mouse off and on, but the middle position turns off the blue lights on the sides of the mouse. I recommend you leave this switch in the middle position — no need to run down the batteries even more.
  • To pair:  Put your PC is pairing discovery mode. Hold down the left, right and scroll wheel mouse buttons to place the mouse in initial pairing mode. Your PC should pair within just a few sconds.
  • On the top of the mouse about an inch below the scroll wheel is a small button. This button sets the DPI sensitivity. Push it one, two or three times. Three is the greatest sensitivity and that’s what I recommend. Corresponding lights will momentarily flash. When you see three flashes, you’re all set.
  • After five minutes of inactivity, the mouse will go into a power saving mode. To power it back up, simply double-click the left mouse button twice.
  • There is another added bonus with this mouse — it doesn’t need a mouse pad! It will track on just about any surface you throw at it.

Enjoy!

/End Op-Ed