PCs with non-Bluetooth wireless mice and keyboards can be hacked from up to 100 meters

Security researchers from Bastille warn about safety concerns of popular (non-Bluetooth) keyboards and mice sold by companies like Logitech, Dell, Microsoft, HP and Lenovo. Because many of the USB dongles used by wireless peripherals do not use encryption, a hacker could spoof the connection and use this as a vector to hijack the PC and install malware.

Testing by Bastille revealed that with the use of a long-range radio dongle ($15-$30) and a couple of lines of code, they could intercept and hijack USB dongle radio signals at a distance of up to 100 meters. Using the MouseJack attack, a nearby attacker could install a rootkit on your PC in about 10 seconds:

The hacker can, therefore, send packets that generate keystrokes instead of mouse clicks, allowing the hacker to direct your computer to a malicious server or website in mere seconds.

During their tests, researchers were able to generate 1000 words/minute over the wireless connection and install a malicious Rootkit in about 10 seconds. They tested several mice from Logitech, Lenovo, and Dell that operate over 2.4GHz wireless communications.

An illustration of the attack can be seen in the video below:



A list of affected devices can be found at Bastille. Logitech confirmed the issue and rolled out a security update.