Vulnerability: MouseJack Keystroke Injection Attack

[WALLONN7]

MOUSEJACK: A massive vulnerability in wireless mice and keyboards that leaves billions of PC’s and millions of networks vulnerable to remote exploitation via radio frequencies. Mousejack allows malicious actors to take over a computer through a flaw in wireless dongles. Once paired, the Mousejack operator can insert keystrokes or malicious code with the full privileges of the PC owner and infiltrate networks to access sensitive data. The attack is at the keyboard level, therefore PC’s, Macs, and Linux machines using wireless dongles can all be victims. Notable wireless keyboard and mouse manufacturers affected by the Mousejack discovery include: Logitech, Dell and Lenovo, but most non-Bluetooth wireless dongles are vulnerable.

 

Affected Devices

 

The follow devices have been tested and are vulnerable to a MouseJack keystroke injection attack (specifically vulnerabilities that pertain to Bastille Threat Research Team Tracking Number #1-7 & 9). To help determine whether you have an affected device connected to your system, please compare the following screenshots against your computer. Hardware information screens are provided for Windows, OS X and Linux for each USB dongle:

 

Vendor	Affected Devices
AmazonBasics	Wireless Mouse MG-0975 USB dongle RG-0976 (USB ID 04f2:0976)
Dell	Dell KM714 Wireless Keyboard and Mouse Combo KM714 USB dongle (USB ID 046d:c52b) KM632 Wireless Mouse USB dongle (USB ID 413c:2501)
Gigabyte	K7600 wireless keyboard USB dongle (USB ID 04b4:0060)
HP	Wireless Elite v2 keyboard Elite USB dongle (USB ID 03f0:d407)
Lenovo	500 Wireless Mouse (MS-436) 500 USB Dongle (USB ID 17ef:6071)
Logitech	K360 K400r K750 K830 Unifying dongle (USB ID 046d:c52b) Tested firmware versions: 012.001.00019 012.003.00025
Microsoft	Sculpt Ergonomic mouse Wireless Mobile Mouse 4000 Microsoft Wireless Mouse 5000 2.4GHz Transceiver v7.0 (USB ID 045e:0745) USB dongle model 1496 (USB ID 045e:07b2) USB dongle model 1461 (USB ID 045e:07a5)

 

 

Also covered in our advisories is a Denial-Of-Service vulnerability (Bastille Threat Research Team Tracking Number #8), which affects the following hardware:

 

 

Vendor	Affected Devices
Lenovo	N700 Mouse N700 USB dongle (USB ID 17ef:6060) Ultraslim Keyboard Ultraslim Mouse Ultraslim USB dongle (USB ID 17ef:6032) Ultraslim Plus Keyboard Ultraslim Plus Mouse Ultraslim Plus USB dongle (USB ID 17ef:6022)

 

 

Although the Bastille Threat Research Team endeavoured to test a wide variety of models of wireless keyboard and mice from multiple vendors, it is not possible to acquire and test every model available on the market. There may be other models and vendors that are affected by this class of vulnerability, so the list should not be considered definitive.

 

 

Remediation

 

1. Immediately disconnect all affected USB dongles, and use wired keyboards and mice instead.

2. If you are using affected Logitech devices, please update your Logitech software by referring to the appropriate instructions.

   Dongles from other vendors were not found to support upgrading of firmware, so it does not appear possible to patch them. Therefore it is recommended that users contact their preferred vendor and inquire into which models are not vulnerable for future purchases.

 

Tools

 

The Bastille Threat Research Team is releasing free, open source tools to enable interested parties to discover wireless mice and keyboards that may be vulnerable to MouseJack.

Please refer to: https://github.com/rfstorm/mousejack

 

 

Source

[DKT27]

Wait, these wireless keyboards and mice are not encrypted. From what I can understand, all these are non-BT based wireless devices running at WiFi's favorite 2.4GHz range.

 

Eitherway, this is why gamers should not use these wireless keyboards and mice. Someone will hack them and you might miss a shot or something.