Wireless mice flaw leaves 'billions' open to hacking

Marc Newlin and Balint Seeber are checking how far apart they can be while still being able to hack into each other's computers. It turns out it's pretty far - 180 meters.

The pair work for Bastille, a startup IT security firm that has uncovered a flaw they say leaves millions of networks and billions of computers vulnerable to attack. 

Wireless mice from companies like HP, Lenovo and Dell use unencrypted signals to communicate with computers. 

"They haven't encrypted the mouse traffic, that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer," Newlin said.

"This would be the same as if the attacker was sitting at your computer typing on the computer." 

A hacker can use an antenna, a dongle, and a simple line of code to trick the wireless chip connected to the target computer into accepting it as a mouse, the researchers said.

"So the attacker can send data to the dongle, pretend it's a mouse but say 'actually I am a keyboard and please type these letters'," Newlin said.

"If we sent unencrypted keyboard strokes as if we were a mouse it started typing on the computer, typing at a 1000 words per minute," said Chris Rouland, the CTO and founder of Bastille.  

At a thousand words a minute, the hacker can take over the computer or gain access to a network within seconds.  

Rouland said while companies are very good at encrypting and securing their networks and websites, they do not compensate for all traffic across the entire radio spectrum.

He argued it was time to rethink cyber security, especially in an environment where smartphones can transmit massive amounts of data per second.  

"No one was looking at the air space. So I wanted to build this cyber x-ray vision to be able to see what was inside a corporation's air space versus what was just plugged into the wired network or what was on a wi-fi hotspot," Rouland said.

Bastille is hoping to cash in on its security flaw findings and offer new types of sensors that take into account more of the threats present in a wireless world. 

In the meantime, Bastille is keeping tabs on the wireless mouse problem. The firm says some companies are starting to offer firmware updates to correct the security issues. Bluetooth devices are not vulnerable to this type of attack.