They also built a radio-enabled Nintendo controller capable of running their attack software, which they plan to show off at the RSA conference in San Francisco next week. They tested as far as that hundred-yard range, though they found that the attack was more reliable with a more powerful Yagi antenna and believe it could likely be extended further.
#TARGET LOGITECH MOUSE CODE#
In their tests, Rouland and Bastille researcher Marc Newlin used a $12 Geeetech Crazyradio USB radio dongle attached to a laptop running their exploit code to pair with the victim devices. “With about fifteen lines of code, you can take over a computer more than a hundred yards away,” says Chris Rouland, Bastille’s CEO, who previously founded the hacking firm Endgame, a US government contractor. That’s a new warning from researchers at the Internet of things security firm Bastille, who released an advisory today that seven different companies’ wireless keyboards and mice are vulnerable to an exploit they’ve dubbed “mousejacking.” The attack-which affects a broad collection of devices sold by Logitech, Dell, Microsoft, HP, Amazon, Gigabyte and Lenovo-lets an interloper inject mouse movements or keystrokes at a rate of a thousand words per minute from an nearby antenna, even when the target device is designed to encrypt and authenticate its communications with a paired computer.
For millions of cheap peripherals, those innocent-looking radio receivers may be carrying on a sly, long distance relationship-letting an antenna-wielding intruder silently type malicious commands on your PC.
That tiny dongle plugged into your USB port and paired with your wireless keyboard or mouse isn’t as monogamous as it pretends to be.
0 kommentar(er)
