Wireless mice and keyboards are quite popular among computer users. However, few people know how vulnerable these devices are to hacker attacks.
What is the vulnerability of wireless devices
The difficulty lies in the fact that a unified standard for ensuring the security of wireless data input devices has not been developed.
The reason for the vulnerability of wireless computer mice is that manufacturers use unencrypted radio protocols. This means the codes do not change when the keys are pressed when they are sent to the USB receiver.
Most wireless keyboards encrypt the signal, but this does not guarantee security. With the commands of the jailbroken mouse, you can use the keyboard thanks to the uniform protocols of the equipment. This attack method is called MouseJack.
Some network transceivers allow multiple devices to be connected to a single dongle. Using this option, attackers can attach their wireless keyboard to a user's mouse without having to hack it.
Another problem is that on most wireless keyboards and mice, there is no way to update the firmware. Crackers only need to make an attack once, and they can use such equipment as much as they need.
Bluetooth – Keyboards and mice are more secure than comparable USB hardware. Intercepting Bluetooth – the signal is more difficult than the radio signal, so the probability that a hacker attack will give a result is minimal.
How attackers can exploit device vulnerabilities
Once hacked, hackers can intercept any characters entered by the user on the keyboard. PIN codes of bank cards can be stolen when paying for goods in online stores, logins, passwords of various sites and mailboxes.
Hacking allows you to control your computer: open various windows, install malware, type on a wireless keyboard, start deleting any data, reboot the system.
Another type of attack, MouseJack, renders equipment unusable. If a wireless keyboard or mouse is used with vital systems, such as in a hospital, or used to secure a facility, hacking can have serious consequences.
How information interception is performed
Information interception is carried out in several ways:
- Interception via NRF24. The method does not require large financial investments and special knowledge about radio waves. A scanner for the NRF24 chip is created, which is used by manufacturers of mice and keyboards. It allows you to identify potentially unprotected equipment and attacks it. Hacking requires an Arduino or Raspberry microcontroller, an nRF24L01 + chip, and a laptop. The total cost of the scanner is about 300 rubles.
- Interception via SDR. Input devices can be attacked with an SDR transceiver. No wires are required for this attack method, and no programming is required. The SDR transceiver connects via USB and starts searching for possible vulnerable devices. The cost of such a scanner starts at $ 400.
When using any of these methods, the hacker does not need to get close to the attacked computer. Listening to the broadcast can be carried out at a distance of up to 100 meters, and with amplifiers and special antennas, the distance will be even greater. If an attacker uses the MouseJack attack method, the radius of impact grows to 0.5-1.5 km.
Hacking mouse and keyboard experiment
The experts conducted a series of tests, the purpose of which was to find out how vulnerable peripherals from well-known manufacturers are susceptible to hacker attacks, and to determine the consequences of these attacks. For the experiment, a universal scanner was created for SDR and NRF24. The scanner allows you to identify unsecured wireless devices, control the mouse and keyboard, access and replace user data. The following test results were obtained:
- Microsoft (keyboard and mouse): managed to connect, send and replace data, successfully applied MouseJack attack;
- A4Tech (mouse): it turned out to intercept mouse control, follow links and sites;
- Logitech (keyboard and mouse): The attack disabled hardware.
This experiment showed how easily the devices that users use every day are susceptible to hacking. It is better not to use wireless keyboards and mice when entering confidential data: logins, passwords, CVV-codes from bank cards, especially if you work with a computer in public places.