User:Bkr42/sandbox

= MouseJacking = Mousejacking is a security vulnerability in the firmware of many wireless keyboards and mice. It is specific to keyboards and mice using a proprietary protocol in the 2.4 Ghz band implemented on a chip by Nordic Semiconductor. Many wireless keyboard and mouse vendors protect the keyboard keystrokes from eavesdropping by using encryption. This also prevents an attacker from injecting keystrokes. However, the mouse clicks and movement is not encrypted and thus open to injection by an attacker. In addition, some wireless dongles have weaknesses in the way it processes received packets which makes it possible to send specifically formatted packets which generates keystrokes through the mouse communication channel. This allows an attacker to inject keystrokes into a computer using a wireless keyboard and mouse without having to know the encryption key of the keyboard communication channel.



Discovery
This vulnerability was discovered by Bastille Research and documented in a whitepaper. A similar vulnerability include Samy Kamkar's Key Sweeper which sniffs keystroke data of unencrypted wireless keyboards.

Exploitation
To exploit this vulnerability an attacker has to be relatively close to its target. Even though the range between a standard keyboard or mouse and the dongle is in the order of 10m, it was experimentally tested that this vulnerability may be exploitable at a range of 180m using the CrazyRadio PA dongle. This range assumes line of sight, so if there were walls or other obstacles in the way the attack may not work. A likely attack scenario would be an attacker standing close by an office with a laptop and wireless dongle. In many attack scenarios, the attacker may not be able to see the target's monitor, so the attack would have to be executed blind.

Remediation
Many vendors either released firmware patches for their dongles or offered to replace affected devices. In addition, Microsoft released a wireless mouse driver patch that would filter any keystroke input coming in through a mouse. In cases where security is of critical importance, it may be better to not use a wireless keyboards or mouse.