ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Wireless mice are hackable up to a city block away

<< < (2/5) > >>

wraith808:
^ Hmm, so doesn't that hold up to what the article is saying?  That the mouse signals are not encrypted?  And now they can fool the mouse dongle into thinking it's the keyboard?

mwb1100:
And now they can fool the mouse dongle into thinking it's the keyboard?
-wraith808 (March 28, 2016, 09:48 PM)
--- End quote ---

I don't know the details, but USB keyboards and mice are devices that both fall under the USB HID (Human Interface Device) class: http://en.wikipedia.org/wiki/USB_human_interface_device_classw

I wouldn't be surprised if there's a lot of common capability available across devices in the HID class.

And as far as this goes:

Since the displacements of a mouse would not give any useful information to a hacker, the mouse reports are not encrypted.
--- End quote ---

It wouldn't shock me too much if someone eventually finds that such mouse information can be used to figure out something they shouldn't be able to.   It seems unlikely, but people have been surprised before by leaks of information from unusual areas (like timing or power usage). One possible situation where capturing mouse information might be an attractive target that comes to mind is that some programs use a virtual on-screen keyboard specifically to foil keyloggers. Not a common scenario, but if you're one of those people, don't use a wireless mouse...

Deozaan:
It wouldn't shock me too much if someone eventually finds that such mouse information can be used to figure out something they shouldn't be able to.   It seems unlikely, but people have been surprised before by leaks of information from unusual areas (like timing or power usage). One possible situation where capturing mouse information might be an attractive target that comes to mind is that some programs use a virtual on-screen keyboard specifically to foil keyloggers. Not a common scenario, but if you're one of those people, don't use a wireless mouse...-mwb1100 (March 28, 2016, 11:52 PM)
--- End quote ---

But even that might not be very useful. As far as I understand, mice don't give precise information as far as movement/position. It's all relative. Something like +5 pixels in the X coordinate, -6 pixels in the Y coordinate. Click here, release there. Etc.

Even if you had an on-screen keyboard, the hackers might not know that, or how big it is, or where on the screen it's located. They'd probably have to know exactly what you're doing (i.e., have physical or at least visual access to your system) to get useful information from the movement and clicks of your mouse. In which case you probably already have other security problems to be worried about.

All that said, I am no security expert. There very well may be something I'm not considering.

Stoic Joker:
Does any of this apply to wireless keyboards?-mwb1100 (March 28, 2016, 06:44 PM)
--- End quote ---

According to the article, once you get a toe in the door...a foot follows..

A hacker uses an antenna, a wireless chip called a dongle, both available for the less $20 (USD), and a simple line of code to trick the wireless chip connected to the target computer into accepting it as a mouse.

"So the attacker can send data to the dongle, pretend it's a mouse but say 'actually I am a keyboard and please type these letters'," added Newlin. 
 
"If we sent unencrypted keyboard strokes as if we were a mouse it started typing on the computer, typing at a 1000 words per minute," said Chris Rouland, the CTO and Founder of Bastille. 

At a thousand words a minute, the hacker can take over the computer or gain access to a network within seconds. 
-The Article
--- End quote ---

So their must be a good bit of flex in the HID APIs

ayryq:
According to a certain 2009 pdf by logitech: Advanced_24_Unifying_FINAL070709.pdf

Not sure how much still applies today or if it has advanced further...
-hamradio (March 28, 2016, 09:30 PM)
--- End quote ---

The article mentions some "bargain" brands of mice. Mouses. I have one of those Logitech Unifying receivers and since it supports multiple devices with one receiver, it has a pairing process that must be used. I've never had any cross-talk between different Logitech devices on different PCs in my house. My guess is the hack requires a more simplistic device.

And a good antenna - on my old Logitech MX Revolution I'd love if i could get 1m range!

Navigation

[0] Message Index

[#] Next page

[*] Previous page

Go to full version