
Optional Windows Update Aims To Halt Wireless Mouse Hijacking

Reader itwbennett writes: An optional Windows patch released Tuesday protects against an attack, dubbed MouseJack, that affects wireless mice and keyboards from many manufacturers, including Microsoft, and allows attackers to spoof a wireless mouse from up to 100 meters away and send rogue keystrokes instead of clicks to a computer. According to a Microsoft security advisory, the devices affected by this attack are: Sculpt Ergonomic mouse, Sculpt Mobile Mouse, Wireless Mobile Mouse 3000 v2.0, Wireless Mobile Mouse 3500, Wireless Mobile Mouse 4000, Wireless Mouse 1000, Wireless Mouse 2000, Wireless Mouse 5000 and Arc Touch Mouse. But Marc Newlin, one of the researchers who developed the attack, said on Twitter that the patch doesn't go far enough and 'injection still works against MS Sculpt Ergonomic Mouse and non-MS mice.'
  • If it is possible to negotiate rogue key/mouse input (which presumably requires proper communication between the rogue keyboard/mouse and the target device), then would it not also be possible to capture the data from the real keyboard/mouse? And in that case, it would seem quite possible, then, to steal keystrokes/mouse movements -- say during someone's login.
    • Yes, this has been possible for years.

      Many agencies use it to capture passwords before an arrest. It is also one reason I never understood the need for keyloggers. If you know where the system is you can simply be in the same area and pick up the keystrokes. So a small receiver that logs them could be placed in the bushes, outside the window of your office, or in a close flower bed disguised as a rock. Quietly sitting there collecting all your keystrokes.

      It can be done with the simple wireless keyboard or w

  • by AmiMoJo ( 196126 ) on Thursday April 14, 2016 @10:26AM (#51907997) Homepage Journal

    From what I can gather without any real detail in the rather useless article Microsoft are looking for timing discrepancies to try to detect this attack. Normally packets come in at regular intervals, so if one comes outside the regularly expected window it is considered malicious. There must be some clever filtering because the clock on the keyboard/mouse will drift in relation to the computer etc.

    This could be overcome by simply replicating the timing of the keyboard/mouse. They don't transmit constantly to save battery power, only when a key is pressed or the mouse is moved.

    Anyone know if Bluetooth keyboards are vulnerable?

    • by CityZen ( 464761 )

      The security advisory says that the update filters out QWERTY packets received from the mouse. My take is that it just prevents keystrokes from being input through the mouse interface.

      It still doesn't mean that the interface is secure; it just has one fewer holes than it had before. If you want security, don't use wireless devices.
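
The filtering described in the comment above (keyboard packets arriving from a device enrolled as a mouse are discarded), modeled as an added example; it is not code from the thread, the advisory or Microsoft's driver. The device ids, the `Report` class and the pairing table are constructed assumptions; the usage values and the 8-byte boot keyboard layout come from the USB HID specification.

```python
from dataclasses import dataclass

# HID Generic Desktop application usages (usage page 0x01).
USAGE_MOUSE = 0x02
USAGE_KEYBOARD = 0x06

@dataclass(frozen=True)
class Report:
    device_id: str   # constructed identifier of the sending device
    usage: int       # application collection the report claims
    payload: bytes

# Constructed pairing table: what each device was enrolled as.
PAIRED = {"mouse-01": USAGE_MOUSE, "kbd-01": USAGE_KEYBOARD}

# Constructed sample traffic as seen by the host-side filter.
SAMPLE = [
    Report("mouse-01", USAGE_MOUSE, bytes([0x01, 0x05, 0xFB, 0x00])),
    Report("kbd-01", USAGE_KEYBOARD, bytes([0, 0, 0x04, 0, 0, 0, 0, 0])),
    Report("mouse-01", USAGE_KEYBOARD, bytes([0x08, 0, 0x15, 0, 0, 0, 0, 0])),
    Report("unknown-7", USAGE_KEYBOARD, bytes([0, 0, 0x06, 0, 0, 0, 0, 0])),
]

def decode_keys(payload: bytes) -> str:
    """Letters in a boot keyboard report (bytes 2..7; 0x04 is 'a', 0x1D is 'z')."""
    return "".join(chr(ord("a") + c - 0x04)
                   for c in payload[2:8] if 0x04 <= c <= 0x1D)

def filter_reports(reports, paired=PAIRED):
    """Return (accepted, dropped); dropped entries carry a reason for logging."""
    accepted, dropped = [], []
    for r in reports:
        enrolled = paired.get(r.device_id)
        if enrolled is None:
            dropped.append((r, "unpaired device"))
        elif r.usage != enrolled:
            # The case the comment describes: keystrokes from a mouse.
            keys = decode_keys(r.payload) if r.usage == USAGE_KEYBOARD else ""
            dropped.append((r, f"usage mismatch, keys={keys!r}"))
        else:
            accepted.append(r)
    return accepted, dropped

if __name__ == "__main__":
    ok, bad = filter_reports(SAMPLE)
    print(len(ok), "accepted")
    for report, reason in bad:
        print("dropped", report.device_id, reason)
```

A filter of this kind only rejects reports whose claimed type disagrees with the enrollment record, which matches the comment's point that it closes one hole rather than securing the link.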

    • by tlhIngan ( 30335 ) <slashdot&worf,net> on Thursday April 14, 2016 @11:47AM (#51908659)

      From what I can gather without any real detail in the rather useless article Microsoft are looking for timing discrepancies to try to detect this attack. Normally packets come in at regular intervals, so if one comes outside the regularly expected window it is considered malicious. There must be some clever filtering because the clock on the keyboard/mouse will drift in relation to the computer etc.

      This could be overcome by simply replicating the timing of the keyboard/mouse. They don't transmit constantly to save battery power, only when a key is pressed or the mouse is moved.

      Anyone know if Bluetooth keyboards are vulnerable?

      It's based on a hack to get additional keyboards and mice paired with your computer. It's because there are flaws in the way Logitech, Microsoft and many other wireless products add devices to their receivers and synchronize them. So Microsoft's patch, which is only for their products because they don't know how Logitech's or others work, is to basically examine the timing of the packets to make sure the vulnerability isn't being exploited.

      It's a device-add attack - the attacker is trying to add their keyboard and mouse to your computer remotely so they can control it. That's what the driver is looking for.

      Bluetooth keyboards may be vulnerable too, depending on how they do their pairing. But in general it's a lot less problematic because a Bluetooth keyboard requires OS support to pair and OS drivers to handle the input. The non-Bluetooth wireless devices use the dongle to emulate a standard HID device and do all their pairing internally.

      This is why you can use those keyboards during boot or with multiple OSes, whereas Bluetooth ones can't be used during boot (except for say, Macs) and if you dual/triple/etc boot, you have to re-pair the keyboard all the time.

      If it is possible to negotiate rogue key/mouse input (which presumably requires proper communication between the rogue keyboard/mouse and the target device), then would it not also be possible to capture the data from the real keyboard/mouse? And in that case, it would seem quite possible, then, to steal keystrokes/mouse movements -- say during someone's login.

      No, the hack is to add keyboards and mice to your PC. Wireless communications for keyboards and mice are generally encrypted (including Bluetooth) to prevent capturing of keystrokes and mouse movements.

      Once the attacker has added their keyboard and mouse to your PC, they can then do anything - install malware, etc to then get your passwords and information, or to get access to your PC remotely.

  • by Anonymous Coward

    ...In the other news, the update might be riddled with the umpteenth GWX :-)

  • I had my wireless mouse hijacked last night. Battery committed suicide.
  • Do I have this right?

    The update that downloads and installs Windows 10 over your existing Windows system is turned on by default.

    The update that protects your system from a vulnerability is optional.

    Microsoft never was a very "customer centric" company.

    • Optional because you only need it if you are running one of the affected wireless products. Or do you routinely install updates for devices you don't have connected to your computer?

      Yeah, the automatically install Windows 10 thing has been debunked numerous times. The update has to be approved by the user. Granted the download will occur if you have automatic updates installed and that can be an issue for users on metered connections.

      • Yeah, the automatically install Windows 10 thing has been debunked numerous times.

        Refuted is not the same as debunked.

        The update has to be approved by the user.

        No, it doesn't. One of my customers got bitten by this just two weeks ago. Automatic updates were off, and Windows 10 installed itself over Windows 7 automatically. The update completely destroyed his Windows 7 installation, and Windows 10 wouldn't even boot, so he had me install Kubuntu on his machine.

        • Can't prove it but I would be willing to bet that your user inadvertently approved the Win10 install.

          Agree that Microsoft makes this too easy and shouldn't download and install anything like an O/S upgrade/downgrade unless an administrative user specifically requests and authorizes it, your user wasn't running with admin rights and UAC off, RIGHT?

          • by karnal ( 22275 )

            I'm running with UAC off admin rights.. the pop up keeps telling me how great the upgrade is, but I keep declining.

            I have loaded it up in a VM since it was bugging me there too, but I had to specifically say "sure, let's rock."

  • I have Windows 10 Pro on my laptop using a Microsoft Wireless Mouse 1000. Updates were installed Tuesday afternoon. I have updates set to install updates for other Microsoft products. I presume that their Wireless Mouse 1000 is an "other" product. Device manager shows that my mouse driver is dated 2006. When checking for new drivers I get a message "the best driver for your device is already installed". Sure it is at ten years old. Assholes. Windows 10 is fucked up.
