Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News
News Categories

Logitech M185 and other wireless mice are susceptible to keystroke injection attacks

By Wong Chung Wee - on 19 Mar 2019, 2:22pm

Logitech M185 and other wireless mice are susceptible to keystroke injection attacks

Image source: Logitech

According to security researcher David Sopas, the popular Logitech M185 and other wireless mice are vulnerable to the MouseJack keystroke injection attack.

This vulnerability has been highlighted in 2016 but the Logitech M185 is a recent addition to the list of affected devices. Initially, Sopas went through the list and his own Logitech M185 device wasn’t on it. Given the wild popularity of the device, he decided to experiment with his own MouseJack kit, which was built primarily with a US$30 Crazyradio PA and the bettercap application. The MouseJack kit is effective on target devices from up to 100m away.

Image source: Bastille Networks Internet Security

The security vulnerability of the Logitech M185 mouse makes it susceptible to keystroke attacks, i.e., an attacker can “specially crafted packets which generate keypresses instead of mouse movement/clicks.” As proof of concept, Sopas demonstrated his attack by injecting a script to the host computer to launch Windows calculator.

According to the Bastille Networks Internet Security, the only way to avoid such attacks is to stop using affected devices, or wait for firmware updates for their respective manufacturers to patch their vulnerabilities. The MouseJack vulnerability appears to be confined to wireless mice that rely on USB radio dongles over unencrypted communication channels. Bluetooth input devices appear to be unaffected for now.

Do head over to Bastille Networks Internet Security’s site and check if any of your wireless input devices are on the affected list.

Source: David Sopas, Bastille Networks Internet Security, Logitech, bettercap

Loading...