Do you use a wireless keyboard or mouse? If yes, you may be in danger of leaking out secret information or being attacked.
A recently discovered vulnerability, titled MouseJack, has been making the news. This set of vulnerabilities affects all non-Bluetooth wireless mice and keyboard and allows an attacker to type in commands from up to 100 feet away using a $15 dongle. An attacker can use this dongle to remotely press mouse buttons, type in code and commands and possible control a machine.
This vulnerability, coupled with the one discovered previously, where attackers could read all keystrokes on your wireless keyboard, makes it a potent tool in the hands of the wrong person.
KeySweeper, a ‘USB wall charger’ that can eavesdrop on almost any wireless Microsoft keyboard, was built by a security researcher and he posted the instructions to build one online. The device costs about $10 to make.
It can passively sniff, log and report back all keystrokes and could be used to record passwords, bank details or capture confidential documents as they are being typed.
Wireless mice and keyboard from other brands have been vulnerable in the past as well.
Ensuring physical access to your facilities is limited is one step you can take to protect yourself. Using non-wireless mice and keyboard is an obvious security precaution. However, responding to threats in such a piecemeal manner exposes us to other significant threats. Having a proper security plan in place is essential.