History of Mousejacking And Malicious Keystrokes

Mouse + hijacking = mousejacking.

Mousejacking is a technique in which an attacker “hijacks,” or gains control over, wireless non-Bluetooth keyboards and mice. The vast majority of such devices are affected.

BadUSB

The world first heard about the vulnerability in 2014, when researchers at SRLabs, a data protection research company, found that a flaw in the USB protocol allowed attackers to change the firmware of devices connected to a PC and insert malicious modules into it.

At the same time, ordinary antivirus software could not detect the “bug” or other attacker tricks, since it checked only the contents of the disk, flash drive, or RAM, without scanning the internal programs of keyboards, mice, and other common USB devices.

Thus, attackers who wanted to could embed code that was almost impossible to detect in virtually any device connected to the PC. Karsten Nohl and Jakob Lell confirmed their hypothesis by creating a malicious application called BadUSB that spread via USB gadgets. Using the firmware, they changed files on the computer, redirected internet traffic, and performed other actions without the computer's owner noticing. The program could also infect computers, and from there other USB devices. Karsten Nohl and Jakob Lell presented their discovery at Black Hat the same year.

KeySniffer

The technique gained more notoriety in early 2016 when Bastille, a security company specializing in wireless and Internet of Things (IoT) threat detection, issued a whitepaper describing the vulnerability. The attack involved exploiting vulnerable 2.4 GHz input devices by injecting malicious keystrokes into the associated USB dongle. This was made possible as keyboards and mice didn’t have encryption.

The vulnerability was called KeySniffer. All keystrokes could be eavesdropped on and recorded by attackers. This means that whenever a victim accessed their bank account or cryptocurrency wallet, for instance, an attacker could intercept the transmission of sensitive data with rather cheap equipment (for example, a Crazyradio PA for $30).

In addition to eavesdropping, an attacker could inject their malicious keystroke commands to install malware and exfiltrate data.

Trojan Zusy

In 2017, cybersecurity experts discovered a new virus that infected a computer when the mouse cursor simply hit a link. The malware download began when a user hovered the mouse over a hyperlink in a PowerPoint file. This activated the harmful element, which led to the c.php file being downloaded to the computer from the ccn.nl domain. Once the user’s computer was infected with the Trojan Zusy virus, it transferred all data about the victim’s bank account to third parties. This technique was used in a spam campaign aimed at financial companies.

What Devices Are Vulnerable?

At this point, you are probably wondering which input devices are vulnerable. The most complete lists can be found on Bastille's site: computer mice and keyboards.

Bastille's research team found that eight of the twelve keyboard manufacturers they tested had this vulnerability. Notably, most of the keyboards were made by HP; although the sample size isn’t large, certain conclusions can already be drawn. The researchers also found that vulnerable keyboards could not be fixed or updated, so the only fix for such a keyboard is to stop using it. KeySniffer is the most well-known vulnerability (if not the only one) that a keyboard is susceptible to, and the fact that manufacturers keep producing keyboards while disregarding the problem is really worrying.

Moreover, there are issues with Microsoft and Logitech products. Vulnerable Microsoft products include (reportedly not limited to):

Sculpt Ergonomic Mouse

Wireless Mobile Mouse 4000

Wireless Mouse 5000

The Logitech devices that leverage the “Unifying” dongle are likely to be affected as well. The dongle is identifiable by an orange star printed on the hardware.

How To Protect My Device?

Nohow :)

Okay, to be serious: to protect yourself, you need to switch from wireless devices to wired ones or migrate to Bluetooth.

Although Microsoft and Logitech released security advisories, experts claim that the patches don’t eliminate the issues effectively and there is still a chance that a device can be hijacked.

You can review the Microsoft Security Advisory released in April 2016. The optional update adds more robust filtering at the dongle, so that rogue keystrokes are detected and discarded. Nevertheless, some devices remain vulnerable even after the patch is applied.

Logitech requires users to apply a firmware update manually. It’s a multi-step procedure that is rather difficult for less technical end users. Besides, the IT departments will have to struggle with a massive manual update across the entire company.
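An added example, not from the original article or from Logitech or Bastille: a small Python audit that flags Unifying receivers in `lsusb` output, so the manual firmware update described above can be targeted at the hosts that need it. The watchlist entry `046d:c52b`, the descriptor-string fallback, and the sample lines are assumptions of this example.

```python
import re
import shutil
import subprocess

# Watchlist keyed by (vendor_id, product_id). 046d:c52b is the Logitech
# Unifying Receiver; extend it with IDs from the vendor advisories you track.
WATCHLIST = {("046d", "c52b"): "Logitech Unifying receiver"}
# Fallback (assumption): match the descriptor string for unlisted product IDs.
NAME_HINTS = ("unifying receiver",)
ACTION = "update dongle firmware or replace with a wired/Bluetooth device"

LSUSB_LINE = re.compile(
    r"^Bus (\d{3}) Device (\d{3}): ID ([0-9a-f]{4}):([0-9a-f]{4})\s*(.*)$"
)

def audit(lsusb_lines):
    """Return one finding per attached receiver that matches the watchlist."""
    findings = []
    for line in lsusb_lines:
        m = LSUSB_LINE.match(line.strip())
        if not m:
            continue  # skip blank or unexpected lines
        bus, dev, vid, pid, name = m.groups()
        label = WATCHLIST.get((vid, pid))
        if label is None and any(h in name.lower() for h in NAME_HINTS):
            label = "receiver matched by descriptor string"
        if label:
            findings.append({"bus": bus, "device": dev, "usb_id": f"{vid}:{pid}",
                             "match": label, "action": ACTION})
    return findings

# Constructed sample `lsusb` output (not captured from a real host); the
# 046d:ffff line is a made-up ID that exercises the descriptor fallback.
SAMPLE = """\
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 004: ID 046d:c52b Logitech, Inc. Unifying Receiver
Bus 001 Device 005: ID 8087:0a2b Intel Corp. Bluetooth wireless interface
Bus 002 Device 003: ID 046d:ffff Example Corp. Unifying Receiver
""".splitlines()

if __name__ == "__main__":
    live = shutil.which("lsusb")  # use the real tool when it is installed
    lines = (subprocess.run([live], capture_output=True, text=True)
             .stdout.splitlines() if live else SAMPLE)
    for f in audit(lines):
        print(f"{f['usb_id']} bus {f['bus']} dev {f['device']}: "
              f"{f['match']} -> {f['action']}")
```
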

Anything connected to the internet can be hacked. Anything you post on the internet can be used against you. We’re living in the 21st century and technologies have already enslaved our minds. For better or for worse — no idea. However, as a user, you need to be alert and knowledge-zesty, always.


At ROKKEX, we take security extremely seriously and our crypto exchange is built on ‘Security First’ principle. We want to share our expertise with the broader public for the world to become happy, safe, and wise :)
