Although the discovery was made roughly a year ago, it’s a dire flaw in cybersecurity that doesn’t have the degree of awareness it deserves. Bastille Networks, a cybersecurity company that’s only been around since 2014, realized a specific hacking technique exists that can affect millions of non-Bluetooth wireless mice and keyboards. Dubbed “Mousejack”, this is a design flaw in wireless dongles that enable a hacker to take over another person’s computer from up to 100 yards away. Mousejack is capable of breaching wireless mice and keyboards of seven major vendors like Dell, Microsoft, and HP. Its under-the-radar access to a victim’s computer can enable the hacker to access personal data and install harmful malware.
Whenever someone clicks or types on their non-Bluetooth wireless mouse or keyboard, the resulting action sends an encrypted packet over a radio frequency describing the action to the computer’s USB dongle. The computer dongle scans the local airwaves for transmissions of these packets, which it then notifies the computer about and thus completing the action. In order to keep these packets confidential, vendors encrypt these actions, whose coding is only familiar between their brand’s computer and wireless dongle. These transmissions however, only apply to wireless keyboards. Since many vendors mentioned in the previous paragraph don’t apply the same encryption methods to their wireless mice that they do to their keyboards, a computer operator’s dongle can’t tell the difference in radio frequency packets sent by the user’s actual wireless mouse or a hacker whose radio frequency packet is disguised as a wireless mouse.
As a result, this discrepancy in a dongle’s packet recognition capabilities can enable a hacker to send his own mouse-clicking commands, or even radio frequency packets disguised as a mouse-related action that actually affects the wireless keyboard of their targeted computer. One of the transceiver devices that is the most vulnerable to Mousejack is the nRF24L series, which is used in the majority of devices that are vulnerable to this hacking technique. Since the process that converts keyboard types or mouse clicks into radio frequency packet transmissions is individually administered by each vendor, a hacker can essentially use the same devices and processes for Mousejack on products and devices from different vendors.
Aside from literally being able to take control over your wireless mouse and keyboard, hackers can use the Mousejack strategy to browse through your computer’s files without the device owner’s awareness, access confidential and personal data stored on a computer’s hard drive, and install malicious malware that can have devastating effects on a computer or (in some extreme cases) an entire wireless network. While Bastille has worked on ways to address this glaring vulnerability in cybersecurity, these solutions can’t be applied overnight and will only help individuals avoid exposure to Mousejack instead of attacking the root of the issue and preventing it entirely. Until more accurate measures are developed, users of non-Bluetooth wireless devices like mice and keyboards are advised to remain vigilant of their surroundings and device settings.
