Mousejack. Use a wireless mouse? This $15 hack could compromise your PC.

Discussion in 'other security issues & news' started by TairikuOkami, Feb 24, 2016.

  1. TairikuOkami

    TairikuOkami Registered Member

    Joined:
    Oct 10, 2005
    Posts:
    2,509
    Location:
    Slovakia
    https://www.bastille.net/affected-devices

    http://www.cnet.com/news/i-got-mousejacked/?ftag=CAD1acfa04&bhid=21042829401677677968185516752984

    If you have got Logitech, you might have a bit problem upgrading firmware, here is the solution:

    https://forums.logitech.com/t5/Keyb...ware-available-yet/m-p/1494051/highlight/true
     
  2. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    That is one reason why I still use my Logitech MX310 from 2003. Any wireless mouse and dangle should have encrypted communications since the day they were invented, but I guess people underestimated the power of hacking :)

    Logitech might have put out a firmware to fix this, but there are tons of companies who simply don't care for users' security, which is just sad.
     
  3. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    You may not know this... but you can still buy a keyboard and mouse with wires, and it's 2016. It's generally preferred since you don't need to change them.
     
  4. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    :argh: I know that. I just didn't see a reason to change to wireless, specially since this mouse has been working for 13 years.

    I also had a MX300 which was bought around the same era, and it only stopped working because I did a mess with the solder iron, so it was my fault.
     
  5. roger_m

    roger_m Registered Member

    Joined:
    Jan 25, 2009
    Posts:
    5,240
    There will no firmware update for the wirelss mouse I use, since it's a cheap $10 device I purchased from China. I'm not too worried about this personally, as 99% of the time I don't use a mouse. Even I was to start using it, I wouldn't be too worried. While there is the potential of a security risk, I think it is a very small risk.
     
  6. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    Strange that Bluetooth is rarely even mentioned at all this time. It's as if they think that's unrelated or everyone already knows about Bluetooth insecurities or something.
     
  7. Krysis

    Krysis Registered Member

    Joined:
    Dec 28, 2012
    Posts:
    366
    Location:
    DownUnder
    I knew that some WiFi Keyboard\Mouse combos were vulnerable to external hacking, but didn't think it applied to WiFi mouse (Mice?) So, there you go!

    I've used a WiFi mouse for years - even though I have a laptop (I can't stand using Touchpads).

    Mine isn't on the listing, so I guess I'm OK. In any case, I wouldn't discard my WiFi mouse as the convenience IMO outweighs the security risk.
     
  8. funkydude

    funkydude Registered Member

    Joined:
    Apr 5, 2004
    Posts:
    6,852
    After all the revisions that Bluetooth has gone through, one would think it would be stable by now. Or are you talking about old versions of Bluetooth?
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    I was just surprised that no comparisons, beyond one being affected and the other not, was made.
     
  10. Brosephine

    Brosephine Registered Member

    Joined:
    Dec 4, 2015
    Posts:
    143
    Location:
    lo·ca·tion (noun) "a particular place or position"
    Would a Logitech USB mouse/keyboard be vulnerable to this? If so, would a simple re-installation be a sufficient solution?
     
  11. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    756
    Location:
    SW USA
    Maybe yes. Maybe no. From post #1 above:
    And found using that google thing:
    https://forums.logitech.com/t5/Mice-and-Pointing-Devices/Logitech-Response-to-Unifying-Receiver-Research-Findings/m-p/1493878/thread-id/73186
     
  12. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    756
    Location:
    SW USA
    Got ya beat. I'm using an RS-232 mouse. COM 1 IRQ 4, of course...
     
  13. amarildojr

    amarildojr Registered Member

    Joined:
    Aug 8, 2013
    Posts:
    1,977
    Location:
    Brasil
    :argh::argh::argh::argh: That just made my day. Thank you, sir! :thumb:
     
  14. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    756
    Location:
    SW USA
    I just received a reply to my Zemana support inquiry: AntiLogger Premium will detect and block MouseJack.

    So, even if a Nordic Semiconductor nRF24L device is unsupported by a firmware update, protection is available if going wired is not an option.
     
    Last edited: Mar 7, 2016
  15. haakon

    haakon Registered Member

    Joined:
    May 25, 2015
    Posts:
    756
    Location:
    SW USA
    And now from Bitdefender:

    Kindly be informed that Intrusion Detection module of Bitdefender is responsible to deal with MouseJack threats.
    Best regards,
    - - - - -
    Bitdefender Technical Support Engineer


    Note that Intrusion Detection is available only in BD products having their firewall (Internet Security, et al). I've always keep mine set at Aggressive.
     
  16. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,742
    Location:
    Texas
    https://threatpost.com/range-of-mousejack-attack-more-than-doubles/117506/
     
Loading...