The concept of manipulating and compromising wireless devices is nothing new. Most wireless attacks that are conducted today are geared toward specific devices, such as wireless access points and routers that have wireless capabilities. However, there are also other wireless devices, such as mice and keyboards, that have attack vectors.
While wireless devices are certainly a potential attack vector, it is important to be cognizant of all of your wireless risk, not just that used for your network connectivity. One example of such risk is an aptly named exploit called Mousejack (CERT VU#981271). Released in early 2016, Mousejack is a collection of peripheral vulnerabilities that permit an attacker to manipulate communication between a wireless device and the receiver. An attacker can sit within approximately 100 meters of a vulnerable wireless device, such as a wireless keyboard, and inject keystrokes into the transmission. From a victim’s standpoint, it appears that their computer is typing on its own, and, before the user knows it, the payload has been executed. An attack that is both quick and able to be conducted from 100 meters away is unsettling for security administrators.
Although Mousejack is an older vulnerability, many users still have wireless mice or keyboards from years ago. These types of devices often get handed down among users and are rarely updated. One of the main problems with older wireless devices is their lack of encryption on the transmission between the devices, which essentially lets an attacker emulate typing on the victim’s keyboard by injecting packets into the unencrypted communication.
Mouse and Keyboard Attack Setup and Demonstration
The Mousejack attack requires:
A long-range open USB radio (e.g., Crazyradio PA);
Fortunately, as Mousejack is well documented, there is already prebuilt application code and firmware we can use to avoid having to write our code own based on the technical specifications.
We will be using a Crazyradio PA USB dongle as the long-range open USB radio.
This device is not only capable of interacting with radio frequency traffic on the 2.4 GHz ISM band, but also known to work with the Mousejack firmware and the toolkit necessary to launch the injection attack.
The JackIt toolkit is a set of scripts used to orchestrate the attack that leverages a simplistic payload language called Ducky Script. The Ducky Script payload language is essentially a sequence of keystrokes that will be executed once a vulnerable target is identified by the scripts within the JackIt toolkit. Once the Ducky Script payload is injected into the wireless communication, the victim’s computer believes the keystrokes to be coming from the victim’s keyboard and executes whatever commands are sent.
At a high level, taking the following steps is all that an attacker needs to do to execute a mouse and keyboard attack:
The following video shows a demonstration of how the Mousejack exploit can allow an attacker to take control of a wireless mouse.
Affected Devices
For reference, the devices affected by the Mousejack exploit include:
AmazonBasics MG-0975 Wireless Mouse
Dell KM636 Wireless Mouse and Keyboard
Logitech K270 Wireless Keyboard
Logitech K320 Wireless Keyboard
Logitech K750 Wireless Keyboard
Logitech K830 Illuminated Wireless Keyboard
Logitech Marathon M705 Mouse
Logitech Wave M510 Mouse
Logitech Wireless Gaming Mouse G700s
Logitech Wireless M325 Mouse
Logitech Wireless Touch Keyboard K400r
Microsoft All-In-One Media Keyboard
Microsoft Sculpt Ergonomic Mouse
Microsoft Wireless Keyboard 800 (including keystroke logging)
Microsoft Wireless Mobile Mouse 3500
Microsoft Wireless Mouse 1000
Remediation
To address the vulnerabilities associated with the Mousejack exploit, your organization can use wired mice and keyboards and upgrade firmware to a known unaffected version (some versions are not fixable).
Should your organization have any questions about how to better protect wireless devices, whether it be routers, mice, or anything in between, please feel free to reach out to our IT solutions and cybersecurity team.
This publication contains general information only and Sikich is not, by means of this publication, rendering accounting, business, financial, investment, legal, tax, or any other professional advice or services. This publication is not a substitute for such professional advice or services, nor should you use it as a basis for any decision, action or omission that may affect you or your business. Before making any decision, taking any action or omitting an action that may affect you or your business, you should consult a qualified professional advisor. In addition, this publication may contain certain content generated by an artificial intelligence (AI) language model. You acknowledge that Sikich shall not be responsible for any loss sustained by you or any person who relies on this publication.
About the Author
Matt Sheimo
Matt is a Senior Consultant on the Sikich Cybersecurity group’s penetration testing team. He has spent the past 10 years honing his security skills, whether it was while working as a systems and network administrator or performing penetration testing.
In addition to having a Master of Science degree in Cyber Security, Matt is a certified Offensive Security Certified Professional (OSCP) and Certified Information Systems Security Professional (CISSP). He enjoys conducting security research and mentoring students new to the security field.
Sign up for Insights
Join 14,000+ Business executives and decision makers.
Latest Insights
Oracle Cloud
Redefining Internal Audit: How Oracle RMC Elevates Efficienc...
December 20, 2024
Oracle Cloud
Redefining Internal Audit: How Oracle RMC Elevates Efficienc...
December 20, 2024
Implementing Oracle Risk Management and Compliance (RMC) redefines the role of Internal Audit Managers, transforming the traditional audit process in...
From Paper to Automation: Rethinking Shop Floor Reporting
December 18, 2024
Technology
From Paper to Automation: Rethinking Shop Floor Reporting
December 18, 2024
Traditionally, manufacturers have relied heavily on manual shop floor reporting methods involving paper logs, spreadsheets, chalkboards, and color-co...
Enhancing Disaster Recovery with Microsoft Azure Site Recove...
December 17, 2024
Article
Enhancing Disaster Recovery with Microsoft Azure Site Recove...
December 17, 2024
Ensuring business continuity and minimizing downtime during unexpected disruptions is always paramount for any business. Microsoft Azure Site Recover...
The Cost of Free Custom Code in Multi-Company Organizations
December 16, 2024
Dynamics 365
The Cost of Free Custom Code in Multi-Company Organizations
December 16, 2024
If you are part of a large, multi-company organization, or if you have various "affiliated" companies, you may find yourself in a situation where cus...
Transforming the Role of Risk Managers with Oracle RMC: From...
December 13, 2024
Oracle Cloud
Transforming the Role of Risk Managers with Oracle RMC: From...
December 13, 2024
In the evolving world of risk and compliance, the role of the Risk Manager is transforming at an unprecedented pace. Traditionally, managing risk mea...
Only One Microsoft Dynamics 365 ERP System Is the Right Solu...
December 12, 2024
Technology
Only One Microsoft Dynamics 365 ERP System Is the Right Solu...
December 12, 2024
Are you looking to upgrade from an older Microsoft ERP system, like Dynamics AX, Dynamics NAV, Dynamics GP, or Dynamics SL? Or are you considering Mi...
For the second year running, I attended the Association of Equipment Manufacturers annual conference. This year it was in sunny and warm Indian Wells...
Managing user privileges is a critical part of maintaining robust security policies. Traditional methods of managing privileges, such as using local ...
Setting Up Delegate Approval Functionality in NetSuite
December 9, 2024
Technology
Setting Up Delegate Approval Functionality in NetSuite
December 9, 2024
Unexpected delays can halt critical approval processes. Even the most benign activities can slow or stop business operations. Scheduled vacations, il...
This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.
Strictly Necessary Cookies
Strictly Necessary Cookie should be enabled at all times so that we can save your preferences for cookie settings.
If you disable this cookie, we will not be able to save your preferences. This means that every time you visit this website you will need to enable or disable cookies again.