When threats lay dormant in your wireless peripherals

April 13, 2016
When threats lay dormant in your wireless peripherals

It is an element of progress to have our mouse or keyboard wirelessly communicating with the computer, but have you ever wondered what dangers lie dormant in this efficient technology?

A pair of Bastille researchers decided to verify just how vulnerable remote peripherals are  to malicious attacks – and their results came back positive. Wireless peripherals that employ unencrypted signals are in fact hackable from as far as 180 meters, the two specialists discovered.

The research’s conclusion is simple: when using (for example) certain wireless mice from one of this seven producers:  Logitech, Dell, Microsoft, HP, Amazon, Gigabyte and Lenovo, an attacker can perform operations involving your computer just as if siting at your desk. The remote signals can trick the computer into believing the wireless mouse is a keyboard, and take commands from it (or rather via the mouse, from the attackers).

What did the researchers (experimentally) exploited this vulnerability for? They managed to install a malicious Rootkit in approximately 10 seconds and generated a flow of 1000 words per minute, using just a $15-$30 hacking kit and coding.

Since RF communications are a hot security issue, being employed in wireless communications, card readers, vehicle alarms and various other technological processes (industrial sensor networks, for example), this demo exploit deserves further attention.

*As a supplementary mention, the same team demonstrated the possibility for malicious attacks to be carried through Bluetooth-connected keyboards.

Wireless mice – a brief functionality overview

Most of the wireless mice employ radio frequency communication channels, a system that requires a transmitter and a receiver. The transmitter is located in the mouse, while the receiver is the tiny part that comes with the mouse and goes into the computer’s USB plugin- the dongle; or it can be built-in computer component.

The specificity of RF communications resides in their dedicated spectrum and bandwidth. There are standardized and regulated channels that devices use when communicating. These frequencies are not secret and therefore they are prone to intrusions – malicious entities illegally access these frequencies in order to intercept or to jam the authorized communications.

That is why the more efficient devices come with a feature called frequency hopping that allows the automated frequency change. The transmitter situated in the wireless mouse would then change the frequency it sends commands through and the receiver will adequately re-adapt to the new frequency.

*In this malicious attack scheme, the intruder goes on the same frequency and sends a different command to the receiver, who in turn mistakes this command for an authorized, normal command coming from the wireless mouse transmitter. Of course, to be able to do this, the cyber-intruder has to first bypass the pairing mode used in connecting the original transmitter and receiver – but apparently this “force-pairing” is not a problem for the hijackers.

What can tech producers do about dormant threats?

Following the release of this study’s results, the producer companies have been notified of the vulnerabilities. Unfortunately, most of the commercialized peripherals that are already in use do not support updates.

The general reaction coming from the companies consisted into statements that the companies would further investigate the vulnerabilities themselves (as Microsoft declared).

Logitech offered a firmware update while appreciating it would be difficult to exploit the vulnerability discovered by the two researchers when outside an experimental environment.

Lenovo offered to exchange the consumers’ keyboards that need the specific firmware update in order to eliminate the vulnerability (the Lenovo 500 Wireless keyboard, older versions, free of charge).

*Note: on the research team’s website only the Logitech and Lenovo 500 devices are identified as supporting firmware updates that would remedy the issue.

Dell implemented a customer support policy and recommended the containment of possible security incidents by using Lock Screen whenever the users are away from their computers, without any exchange offer.

AmazonBasics, Gigabyte and HP did not address the researchers’ results in any way, at least not according to the demo exploit webpage.

In what future peripherals are concerned, probably the producers will take into consideration this vulnerability and eliminate the risks from the firmware design phase onward.

What can the affected users do about dormant threats?

Considering that a tech consumer is not indifferent to the idea that his peripherals may facilitate a cyber-attack on his computer, there are a few steps to consider:

  • Use the Dell recommended Lock Screen feature of your Operating System whenever you are not active on your computer, until you replace or remedy the vulnerable dongle;
  • Follow the links on the Mousejack experiment webpage for the appropriate firmware updates if they are available for your mouse/keyboard;
  • If there are no other options and you are extremely cyber-security conscious, just replace the vulnerable peripheral with a secure one – try and choose one that sends only encrypted data packets between the transmitter and the terminal.

So far, the various wireless mice on the market are more frequently tested for comfort, durability, warranty, sensor, connectivity and other practical features – not for their cyber-security resilience, but maybe there will be tops featuring the most secure wireless mice, too. Until then, try and browse the market for peripherals endowed with Advanced Encryption Standard (AES) 128-Bit Encryption. Here’s an older example – the Microsoft Wireless Desktop 2000, while a more recent (European) one comes from Cherry.

Subscribe to our weekly news digest!

Join now and become a part of our fast-growing community.

Invalid Email Address
Thanks for subscribing.
We'll be sending you our best soon.
Something went wrong, please try again later