Mailinglist Archive: opensuse (1470 mails)

< Previous Next >
[opensuse] MouseJack anyone? Do you use a wireless mouse / keyboard (that is not Bluetooth)?
  • From: Greg Freemyer <greg.freemyer@xxxxxxxxx>
  • Date: Thu, 25 Feb 2016 17:09:01 -0500
  • Message-id: <CAGpXXZL=VhHuYgogv-4P8N8nTc6NbxmSMQVZpBDz1a+UeZF18Q@mail.gmail.com>
This is a new class of vulnerability for me. The vulnerability is
cross platform, so Windows / Linux / Mac (or whatever).

Apparently most wireless mice/keyboards (that are not Bluetooth) are
easy to hack the wireless comms.

Further, it seems most receivers for mice also accept keyboard keystrokes.

Once an attacker has paired with your mouse/keyboard receiver they can
type commands.

For an openSUSE machine, think of an attacker in your office hallway typing

===
alt-cntrl-F2
rm -rf /
cntrl-F7
===

as you get up to grab a book off the bookshelf behind your desk.

Even without root access, they've done a pretty good job of deleting
all your personal files.

There's a video about it at: https://www.mousejack.com/

I've got half a dozen Logitech Unifying mice around my office / house.
Fortunately Logitech already has a patch out to block this.

Time for me to do some firmware updates.

Greg
--
Greg Freemyer
www.IntelligentAvatar.net
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

< Previous Next >
Follow Ups