Hacking Wireless Mouse / Keyboard Remotely [MouseJack]


Is it possible to hack a wireless mouse/keyboard? To be honest, I hadn't heard of this kind of attack until 2018.

In 2016 Bastille announced a vulnerability affecting most devices sold today (CVE-2016-10761).

According to the cvedetails website, "Logitech Unifying devices before 2016-02-26 allow keystroke injection, bypassing encryption, aka MouseJack."

What is the MouseJack Attack?

The MouseJack vulnerability lets an attacker transmit specially crafted radio signals to a wireless mouse/keyboard USB dongle.

Since the connection between the wireless mouse/keyboard and the USB dongle is wireless, an attacker can inject keystrokes into the USB dongle. 

MouseJack allows an attacker to inject commands into a victim’s computer from up to 100 meters away (depending on which antenna you are using) using a USB dongle that only costs $35. 

https://store.bitcraze.io/collections/kits/products/crazyradio-pa/

Wireless mice and keyboards work by transmitting radio frequency packets to the USB dongle that's plugged into the PC.

How does the MouseJack Attack work?

When clicking the left mouse button, the mouse will transmit an unencrypted radio frequency packet to the USB dongle which tells the computer that a left click has been pressed. Same thing with the keyboard. When you press any key, the keyboard will transmit an unencrypted radio frequency packet that will tell the USB dongle that a certain key has been pressed.

Unencrypted Packet

Keep in mind that the MouseJack attack only works when the radio frequency packets sent by the mouse/keyboard are unencrypted. Have a look at the image below:

Encrypted Keyboard Packet

The Crazy Radio PA USB dongle works by listening to the transmitted packets from the mouse/keyboard.

Perform the MouseJack Attack [Theory]

To perform this attack, first, you need to plug the Crazy Radio PA USB dongle into your PC. The USB dongle will listen for unencrypted radio frequency packets that are transmitted nearby. Once the hacker spots an unencrypted radio frequency packet, the hacker will capture it and then use the captured packet to pretend to be the victim's mouse. By doing so, the hacker will be able to send any command/keystroke combination to the target OS through the wireless USB dongle.

An example of a keystroke combination is something like opening the CMD and downloading and executing a backdoor which will give you remote access to the target OS.
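From the defender's side, injected keystrokes tend to arrive far faster than a person types, so one host-side check is to flag machine-speed bursts per input device. The sketch below is an added example, not code from the original post or from Bastille; the event tuples, device names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Assumed thresholds (illustrative, tune per environment): a person rarely
# sustains gaps under 30 ms across many keys, scripted injection often does.
MAX_GAP_S = 0.030
MIN_BURST = 6

def build_alert(dev, run):
    # One alert row: device, first/last timestamp, and the text that was typed.
    return (dev, run[0][0], run[-1][0], "".join(key for _, key in run))

def find_injection_bursts(events, max_gap=MAX_GAP_S, min_burst=MIN_BURST):
    """events: iterable of (timestamp_seconds, device_name, key).
    Returns (device, start_ts, end_ts, text) for every run of at least
    min_burst keystrokes whose consecutive gaps are all <= max_gap."""
    per_device = defaultdict(list)
    for ts, dev, key in sorted(events):
        per_device[dev].append((ts, key))
    alerts = []
    for dev, keys in per_device.items():
        run = [keys[0]]
        for prev, cur in zip(keys, keys[1:]):
            if cur[0] - prev[0] <= max_gap:
                run.append(cur)
                continue
            if len(run) >= min_burst:
                alerts.append(build_alert(dev, run))
            run = [cur]  # gap too long: start a new run at this key
        if len(run) >= min_burst:
            alerts.append(build_alert(dev, run))
    return sorted(alerts, key=lambda a: a[1])

def typed(dev, start, gaps, text):
    # Helper that builds constructed sample events from a list of key gaps.
    ts, out = start, []
    for gap, ch in zip([0.0] + gaps, text):
        ts += gap
        out.append((round(ts, 3), dev, ch))
    return out

# Constructed sample: a person typing (one fast key rollover) on a wired
# keyboard, then a wireless receiver emitting eight keys 5 ms apart.
SAMPLE_EVENTS = (
    typed("usb-keyboard", 1.0, [0.18, 0.02, 0.21, 0.15], "hello")
    + typed("wireless-receiver", 5.0, [0.005] * 7, "cmd.exe\n")
)

if __name__ == "__main__":
    for alert in find_injection_bursts(SAMPLE_EVENTS):
        print(alert)
```

The single fast pair in the human sample stays below `MIN_BURST`, which is why a minimum run length matters for keeping false positives down.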

Keep in mind that many companies have patched their mouse/keyboard, but there are plenty of devices out there that were sold before the vulnerability was disclosed.

Affected devices:

https://www.bastille.net/research/vulnerabilities/mousejack/affected-devices

Perform the MouseJack Attack in Practice

Here are videos that I made as a proof of concept:

https://youtu.be/7LIMB50LcIQ

Here is a list of videos that I made to learn how to perform the MouseJack attack from scratch:

Part 1:

https://youtu.be/XE0GQTiyhl0

Part 2:

https://youtu.be/473N0nsLAf4

Part 3:

https://youtu.be/gsBJnmMgEMk

The mouse I am using in the videos is the Logitech m510 mouse. I bought it from Amazon.

Resources:

https://www.bastille.net/research/vulnerabilities/mousejack/technical-details

https://www.cvedetails.com/cve/CVE-2016-10761/

Saad Sarraj

I am passionate about CyberSecurity and Ethical Hacking/Penetration Testing. I am also a TryHackMe Top 1% CTF Player.
