MouseJack Attack

Ever heard of a MouseJack Attack? You are at work, sitting at your desk in front of your computer, aimlessly scrolling through Facebook. Suddenly you see that you have just “liked” a picture posted by someone you went to school with 15 years ago – awkward! But you are sure that you did not click anything; you know to be more careful than that. Then, you see something being typed in the search bar and now you know for sure that you are not the one typing…

What is going on? Who is doing this? How are they doing this? Well, the USB dongle that your wireless mouse and keyboard use to communicate with the host computer has been compromised. Your benign dongle has been replaced with a malicious $15 USB device that allows an attacker to impersonate your mouse or keyboard. This is known as MouseJacking. The bad actor can actually move your mouse and/or type keystrokes from up to 100 meters away. So, no, it was not you that “liked” your peer’s picture, but the attacker obviously found it worthy of one.

In a more perilous situation, the perpetrator might perform a MouseJack attack on a target organization in order to obtain sensitive information or compromise the network. By impersonating the mouse and keyboard, the malicious actor can install malware and rootkits, or copy files off the computer in seconds, having damaging consequences for the victim. In addition to performing these actions, the USB dongle also receives the information describing the actions of the user, such as how they move their mouse and which keys they are pressing on the keyboard. With this, the attacker can obtain sensitive information such as usernames, passwords, security question answers and credit card information. By gaining login credentials, the perpetrator can gain access to the network where more damage can be done. In cases where credit card information is stolen, this can be sold on the black market and used for credit card fraud.

A MouseJack attack can be extremely dangerous as it allows a bad actor to infiltrate an organization without being detected since the computer will not recognize the malicious nature of the device. Being recognized as a genuine HID means that this hardware device will not raise any security alarms… And the organization will not know that they are being attacked until it is too late. Sepio’s Hardware Access Control Solution (HAC-1) provides organizations with complete visibility into all devices operating over network and USB interfaces, as well as identifying those which are acting in anomalous ways. By providing total visibility, a stronger cybersecurity posture is achieved and the risk of a successful MouseJack attack is significantly reduced.

So, that innocent mouse or keyboard that you are using might be one of your greatest security threats.

The Sepio platform uses a novel algorithm that combines a physical layer fingerprinting module with a Machine Learning module, providing the sought-after visibility and enforcement level. It is further augmented by a threat intelligence database, ensuring a lower-risk hardware infrastructure.

Hardware Assets Control solution for IoT security

Sepio Hardware Access Control HAC-1 provides 100% hardware device visibility.

HAC-1 enables Hardware Access Control by setting rules based on the devices’ characteristics.

HAC-1 instantly detects any devices which breach the set rules and automatically blocks them to prevent malicious attacks.

The idea is to Verify and then Trust that those assets are what they say they are.

With greater visibility, the zero-trust architecture can make access decisions with complete information, thus enhancing the enterprise’s protection within, and outside of, its traditional perimeters.

The Hardware Access Control capabilities of HAC-1 block Rogue Devices as soon as they are detected.

Our HAC-1 solution stops an attack at the first instance, not even allowing such devices to make network access requests.

Sepio Hardware Access Control HAC-1 provides 100% hardware device visibility. No device goes unmanaged. Rogue Devices are blocked as soon as they are detected. The HAC-1 solution stops an attack at the first instance, not even allowing such devices to make network access requests.

Physical Layer Fingerprinting

Sepio is the only company in the world to undertake Physical Layer fingerprinting. HAC-1 detects and handles all peripherals; no device goes unmanaged.

With this total visibility, a stronger cyber security posture is achieved. There is no longer a need to rely on manual reporting or employee compliance. Sepio manages security and provides answers to questions such as:

  • Do we have an implant or spoofed device in our network?
  • How many IoT devices do we have?
  • Who are the top 5 vendors for devices found in our network?
  • Where are the most vulnerable switches in our network?

Having visibility across all hardware assets provides a more comprehensive cyber security defense.

Reduce the risk of a hardware attack being successful and our private health data being stolen.

Founded in 2016 by cybersecurity industry veterans from the Israeli Intelligence community, Sepio’s HAC-1 is the first hardware access control platform that provides visibility, control, and mitigation to zero trust, insider threat, BYOD, IT, OT and IoT security programs.

Sepio’s Technology

Sepio’s hardware fingerprinting technology discovers all managed, unmanaged and hidden devices that are otherwise invisible to all other security tools.

Sepio is a strategic partner of Munich Re, the world’s largest re-insurance company, and Merlin Cyber, a leading cybersecurity federal solution provider.

Heavy spending on cybersecurity should bring a high return on investment, yet gaps in visibility limit this.

HAC-1 fingerprinting technology and MouseJack Attacks

Sepio Hardware Access Control (HAC-1) solution provides a panacea to gaps in device visibility to ensure you are getting the most out of your cybersecurity investments.

HAC-1 integrates with existing solutions, such as NAC, EPS, SIEM and SOAR, to enhance the organization’s cybersecurity posture.

HAC-1’s deep visibility capabilities mean no device goes unmanaged; the solution identifies, detects, and handles all IT/OT/IoT devices.

Moreover, HAC-1’s policy enforcement mechanism and Rogue Device Mitigation capabilities instantly block any unapproved or rogue hardware.

In doing so, ultimately, HAC-1 enables a Zero Trust Hardware Access approach which stops attackers at the first line of defense.

Sepio supporting compliance

Sepio Hardware Access Control (HAC-1) solution provides entities with the Physical Layer coverage they need to obtain complete device visibility. And, in doing so, also provides protection against hardware-based attacks.

As the leader in Rogue Device Mitigation (RDM), Sepio’s solution identifies, detects and handles all peripherals; no device goes unmanaged.

HAC-1 fingerprinting technology

HAC-1 uses Physical Layer fingerprinting technology and Machine Learning to calculate a digital fingerprint from the electrical characteristics of all devices and compares them against known fingerprints.

In doing so, HAC-1 is able to provide organizations with ultimate device visibility and detect vulnerable devices and switches within the infrastructure.

In addition to the deep visibility layer, a comprehensive policy enforcement mechanism recommends best-practice policies and allows the administrator to define a strict, or more granular, set of rules for the system to enforce.

When a device breaches the pre-set policy, HAC-1 automatically instigates a mitigation process that instantly blocks unapproved or Rogue hardware.

Furthermore, HAC-1’s RDM capabilities support compliance with Section 8 of the EO, which concerns the government’s investigative and remediation capabilities.

Section 8 focuses on enhancing data collection efforts in order to improve the investigation and remediation processes following an incident. HAC-1 logs all hardware asset information and usage and maintains such data for a period defined by the system administrator.