In residences and across the cube farms of countless offices, as people are checking emails and typing documents, regardless of the platform, one piece of equipment is omnipresent-the mouse. As these people click through the URL link or pages of a patent the familiar and welcoming click is well-known to us all.
These seemingly mundane and harmless pieces of equipment are generally just that. They do their work, and aside from a battery change from time to time, we hardly take notice of them or consider them a threat to our cybersecurity. This changed recently with the vulnerability known as mousejacking. With this exploit, the wireless mouse using radio frequency (RF) may be attacked. This specific exploit excludes blue tooth enabled mice, or, if you are still utilizing one, a wired mouse.
The problem with the wireless mouse stems from the fact that the ‘communication’ from the mouse to the dongle inserted into the USB port is not encrypted. The communication regarding the movement of the mouse across the mouse pad is transmitted in clear text. In itself, the directional coordinates of the mouse are not necessarily significant. What is however important is this vulnerability allows an attacker to transmit HI packets to the RF address for the wireless mouse. From here a clever hacker can, with work, take over the user’s system, delete files, open the user’s browser and URLs, and a host of other acts that potentially would make the user’s life very interesting.
That doesn’t mean that you have to discard your wireless mouse and revert to the old fashioned wired one because there have been patches prepared for download from at least two manufacturers. This was coded to remove the issue. Another manufacturer has offered to trade-out the problematic hardware.
In the big picture of malware, there are much more nefarious malware samples that can cause serious problems for your digital system, but any vulnerability can be exploited under the right circumstances. Hacking your seemingly mundane mouse can cause issues and be destructive to your system so you should take steps to prevent that from happening.
Learn more about how to secure mobile devices at the National Cybersecurity Institute.
Charles Parker, II, has been coding since the mid-1980’s, and has been working in the finance, auto manufacturer, and health industries seeking secure solutions for issues for over 17 years. Charles has an MBA, MSA, JD, LLM, and is a doctoral candidate for a PhD in Information Assurance and Security.