Using a wireless mouse or keyboard? Then you need to know about this

Logitech wireless mouse

In a worrying development for those who use a wireless mouse or keyboard (or indeed both), these peripherals can be hacked from a distance, and then used by an attacker to carry out malicious actions, such as installing malware, on the connected laptop or PC.

This issue was discovered by Mark Newlin, a researcher for security firm Bastille, with the exploit being christened MouseJack. The vulnerability is in the way the cordless peripheral communicates with the wireless dongle plugged into a USB port on the PC – because this connection isn't encrypted, an attacker can hack in and inject keystrokes onto the machine.

The attacker needs a computer equipped with its own wireless dongle to send the keystrokes, although implementing the attack was hardly a trivial process – PC World reports that it took Newlin "between days and weeks" to reverse engineer the wireless protocols to be able to inject said keystrokes.

From a distance

This can happen from a distance of up to a hundred yards away, apparently – as long as the attacker has line of sight on the victim's machine – and it affects a large range of peripherals from the likes of Dell, HP, Lenovo, Logitech and Microsoft to name some.

As well as line of sight, the other caveat is that the victim has to be away from their machine, or at least not looking temporarily, as otherwise they'll see the keystrokes and actions happening and could potentially prevent whatever the attacker is trying to do (note that an attack could potentially be carried out quite swiftly, though).

The good news is that Logitech has moved to issue a patch, and other peripheral manufacturers are looking into the flaw, and will hopefully be taking action of their own soon enough. Meanwhile, be warned...

Note that this is a particularly worrying exploit for businesses, as not only could an attacker gain access to the victim's machine, but also the entire network beyond that, and who knows how much juicy business data could potentially be exposed.

TOPICS

Darren is a freelancer writing news and features for TechRadar (and occasionally T3) across a broad range of computing topics including CPUs, GPUs, various other hardware, VPNs, antivirus and more. He has written about tech for the best part of three decades, and writes books in his spare time (his debut novel - 'I Know What You Did Last Supper' - was published by Hachette UK in 2013).

Latest in Security
Isometric demonstrating multi-factor authentication using a mobile device.
NCSC gets influencers to sing the praises of 2FA
Sam Altman and OpenAI
OpenAI is upping its bug bounty rewards as security worries rise
A stylized depiction of a padlocked WiFi symbol sitting in the centre of an interlocking vault.
Dangerous new CoffeeLoader malware executes on your GPU to get past security tools
China
Notorious Chinese hackers FamousSparrow allegedly target US financial firms
A digital representation of a lock
NYU website defaced as hacker leaks info on a million students
NHS
NHS IT supplier hit with major fine following ransomware attack
Latest in News
Nintendo Switch 2 Joy-Con up-close from app store
Nintendo's new app gave us another look at the Switch 2, and there's something different with the Joy-Con
cheap Nintendo Switch game deals sales
Nintendo didn't anticipate that Mario Kart 8 Deluxe was 'going to be the juggernaut' for the Nintendo Switch when it was ported to the console, according to former employees
Three angles of the Apple MacBook Air 15-inch M4 laptop above a desk
Apple MacBook Air 15-inch (M4) review roundup – should you buy Apple's new lightweight laptop?
Witchbrook
Witchbrook, the life-sim I've been waiting years for, finally has a release window and it's sooner than you think
Amazon Echo Smart Speaker
Amazon is experimenting with renaming Echo speakers to Alexa speakers, and it's about time
Shigeru Miyamoto presents Nintendo Today app
Nintendo Today smartphone app is out now on iOS and Android devices – and here's what it does