Some wireless mice allow attackers to trigger keystrokes on the victim's computer and thereby take over the system. How the attack works and how it can be prevented is shown in this post.
The USB receivers of some wireless mice not only accept mouse movements but also keystrokes.
Since the communication between the mouse and the radio the receiver is not authenticated, anyone can send keystrokes to the receiver.
These are then carried out on the victim's device to which the receiver is connected. This enables an attacker to run malware on the victim's computer, for example.
Bluetooth peripherals are not affected because the fault lies in the inadequately protected proprietary protocols.
The attacker can execute any commands
from a distance of up to 100 meters as if he had access to the computer
himself. All you need is one antenna, which everyone can buy cheaply.
How Does the Attack Work?
First, the attacker looks for vulnerable devices in his vicinity by listening to the radio signals.
Once he has found a target, he can send commands to the USB receiver himself.
In the worst-case scenario, this could allow the attacker to gain full control over the target device.
Without physical access to the system, he can surprise his victim by using the keyboard inputs instead of the victim and thereby controlling the computer.
The attacker has all the permissions that the victim has because there is no distinction between real keystrokes by the victim and those of the attacker.
Therefore,
the attacker can install malware on the victim's computer in the
name of the victim provided the virus scanner does not prevent it or steal
private files.
You need to install antivirus software to protect your laptop and computer from malware attacks. Protegent Free Antivirus is one of the best solutions to keep your computer secure.
What Does This Method Have in Common
with A Rubber Ducky?
This attack is the wireless version of a rubber ducky. A rubber ducky is an automated keyboard disguised as a USB stick that sends a predefined key sequence to a computer after it has been connected.
Because the operating system trusts all devices that pretend to be a keyboard, it also grants the Rubber Ducky access to the system.
In contrast to the Rubber Ducky, the attacker does not have to connect a USB device to the victim's computer, but can achieve exactly the same thing from a safe distance.
Since the attacker can stay up to 100 meters from his target, the victim does not immediately notice the source of the attack.
To close this
gateway, the USB receiver of the wireless mouse should not accept any
unauthenticated input.
How Can You Protect Yourself Against
This?
Logitech is the only manufacturer of programmable USB receivers to offer a firmware update that closes the security gap by implementing the proposed solution.
After installing the updated firmware, it is no longer possible to trigger your own keystrokes on the connected device.
Microsoft has released a Windows update for its mice that discards keyboard input from a mouse on the software side.
With devices from other manufacturers, such as Dell, HP, and Lenovo, it is not possible to install an update, so you have to replace the device to rule out this risk.
If you want to be on On the safe side, you should make sure to use wireless mice that are not susceptible to this security hole.
A list of affected devices that should not be used can be found here.
It
is safer to use peripheral devices connected via Bluetooth or to use wired
input devices. Also, you should always lock your session if you
leave your computer unattended so that nobody can access it unnoticed.
Comments
Post a Comment