MouseJack

Ever heard of a MouseJack Attack? You are at work, sitting at your desk in front of your computer, aimlessly scrolling through Twitter. Suddenly you see that you have just “liked” a picture posted by someone you went to school with 15 years ago – awkward! But you are sure that you did not click anything. You know to be more careful than that. Then, you observe something appearing in the search bar, confirming that you are not the one who is typing…

What is going on? Who is doing this? How are they doing this? Well, the USB dongle that your wireless mouse and keyboard use to communicate with the host computer has been compromised. Your benign dongle has been replaced with a malicious $15 USB device (Bad USB) that allows an attacker to impersonate your mouse or keyboard.

This is known as MouseJacking. The bad actor can actually move your mouse and/or type keystrokes from up to 100 meters away. So, no, it was not you that “liked” your peer’s picture, but the attacker obviously found it worthy of one.

MouseJack involves exploiting the weak encryption used by some wireless mice and keyboards, allowing an attacker to send malicious commands to the target computer. By injecting malicious keystrokes or mouse movements, an attacker could potentially take control of a victim’s computer, execute commands, or perform other malicious actions.

Risks for Organizations

In a more perilous situation, the perpetrator might perform a MouseJack attack on a target organization in order to obtain sensitive information or compromise the network (hardware attack). By impersonating the mouse and keyboard, the malicious actor can install ransomware and rootkits, or copy files off the computer in seconds, with damaging consequences for the victim.

In addition to performing these actions, the USB dongle also receives the information describing the actions of the user, such as how they move their mouse and which keys they are pressing on the keyboard. With this, the attacker can obtain sensitive information such as usernames, passwords, security question answers and credit card information. By acquiring login credentials, the perpetrator can access the network and cause further damage. In instances where they steal credit card information, they can sell it on the black market and engage in credit card fraud.

An organization can face significant danger from a MouseJack attack because it enables a malicious actor to infiltrate without detection. The computer won’t identify the device’s malicious intent in such cases. Being recognized as a genuine HID means that this hardware device will not raise any security alarms, and the organization will not know that it is being attacked until it is too late.

How to Protect Against Mousejacking

Firmware Updates: Keep the firmware of your wireless devices up-to-date. Manufacturers may release updates that address security vulnerabilities.

Encryption: Choose devices that use strong encryption protocols to secure communication between the device and the receiver.

Security Awareness: Be cautious when using wireless input devices in public spaces, as attackers would need to be in close proximity to carry out mousejacking attacks.

Vendor Recommendations: Follow security guidelines provided by the manufacturers of your wireless devices.

It’s important to note that while mousejacking is a potential threat, the risk varies depending on the specific make and model of the wireless devices in use.

Sepio Can Help Against Stealthy MouseJack Attacks

Sepio’s Asset Risk Management provides organizations with physical layer visibility into all devices operating over network and USB interfaces. All network devices are visible, their physical layer identity information is revealed, and those acting in anomalous ways are identified.

Sepio’s policy enforcement mechanism facilitates control over hardware access by implementing a stringent set of policies determined by the identity of the device. It promptly identifies any devices that violate the predefined policies and initiates an automatic mitigation process to prohibit the device. This effectively thwarts malicious actors from executing hardware-based attacks across all USB connections, including mitigation of MouseJack attacks (bad USB).

Having comprehensive visibility into all network assets (asset inventory) is an essential requirement for safeguarding hardware. However, the value of this information lies in the actions you can take based on it. Sepio provides immediate insights into network devices requiring attention. Through Asset DNA technology and policy rules, it alerts you to high, medium, and low risks, accelerating the resolution time and thwarting hardware-based attacks, including MouseJacking. This real-time, actionable visibility empowers your security team to gain a deeper understanding of your device attack surface and proactively manage your hardware defense.

So, that innocent mouse or keyboard that you are using might be one of your greatest security threats.

December 21st, 2020