ATLANTA--(BUSINESS WIRE)--Bastille, the first cybersecurity company to detect and mitigate threats from the Internet of Things (IoT), today announced it has uncovered a massive vulnerability in wireless mice and keyboards that leaves billions of PC’s and millions of networks vulnerable to remote exploitation via radio frequencies. Using an attack which Bastille researchers have named “MouseJack,” malicious actors are able to take over a computer through a flaw in wireless dongles. Once paired, the MouseJack operator can insert keystrokes or malicious code with the full privileges of the PC owner and infiltrate networks to access sensitive data. The attack is at the keyboard level, therefore PC’s, Macs, and Linux machines using wireless dongles can all be victims.
Notable wireless keyboard and mouse manufacturers affected by the MouseJack discovery include: Logitech, Dell and Lenovo, but most non-Bluetooth wireless dongles are vulnerable.
“MouseJack poses a huge threat, to individuals and enterprises, as virtually any employee using one of these devices can be compromised by a hacker and used as a portal to gain access into an organization’s network,” said Chris Rouland, founder, CTO, Bastille. “The MouseJack discovery validates our thesis that wireless IoT technology is already being rolled out in enterprises that don’t realize they are using these protocols. As protocols are being developed so quickly, they have not been through sufficient security vetting. The top 10 wearables on the market have already been hacked and we expect millions more commercial and industrial devices are vulnerable to attack as well. MouseJack underscores the need for security across the entire RF spectrum as exploitation of IoT devices via radio frequencies is becoming increasingly popular among the hacker community.”
“Wireless mice and keyboards are the most common accessories for PC’s today, and we have found a way to take over billions of them,” said Marc Newlin, Bastille’s engineer responsible for the MouseJack discovery. “MouseJack is essentially a door to the host computer. Once infiltrated, which can be done with $15 worth of hardware and a few lines of code, a hacker has the ability to insert malware that could potentially lead to devastating breaches. What’s particularly troublesome about this finding is that just about anyone can be a potential victim here, whether you’re an individual or a global enterprise.”
The MouseJack vulnerability affects a large percentage of wireless mice and keyboards, as these devices are ubiquitous and often found in sensitive environments. While some vendors will be able to offer patches for the MouseJack flaw with a firmware update, many dongles were designed to not be updatable. Consumers will need to check with their vendor to determine if a fix is available or consider replacing their existing mouse with a secure one. Comprehensive information on the vulnerability and a list of vendors known to be affected by MouseJack is available at www.mousejack.com.
Bastille’s MouseJack discovery is part of the company’s mission to secure Enterprise airspace by identifying airborne threats and allowing for preemptive response. As the first and only company to provide full spectrum scanning of the corporate airspace, Bastille is able to provide a view of all device emissions to allow detection and threat mitigation across the entire RF spectrum. Many corporations rely on the false sense of safety provided by existing WiFi security products, however these products are not able to guard against threats coming from new, and often proprietary, wireless IoT protocols. With billions of devices leveraging more than 100 distinct protocols for Internet communication, the Bastille solution provides a combination of next-generation sensors and software to detect, localize, and assess these new security risks invading Enterprise corporations.
Launched in 2014, Bastille is pioneering Internet of Things (IoT) security with next-generation security sensors and airborne emission detection, allowing corporations to accurately quantify risk and mitigate 21st century airborne threats. Through its patent-pending, proprietary technology, Bastille helps enterprise organizations protect cyber and human assets while providing unprecedented visibility of wireless IoT devices that could pose a threat to network infrastructure. For more information, visit www.bastille.net and follow @bastillenet on Twitter and LinkedIn.