Is your wireless mouse a security risk?
A new company in the US has unveiled a security flaw that means your wireless mouse could actually offer an entry point to hack your computer.
Bastille, a start-up, has revealed that the dongles from wireless mice from companies including Lenovo, HP, Amazon and Dell don’t encrypt the information sent between the mouse and the computer keyboard. This is a clear point of entry and the company demonstrated that it could be accessed from up to 180 metres away.
Effectively a hacker can gain access to a terminal and use a keyboard from outside the building to type in to the computer as if it were attached. This obviously gives them the opportunity to take over a terminal and use it as if they were sat at the screen themselves.
Wireless mice that use Bluetooth don’t suffer this flaw, but older mice and even new ones can represent a serious security risk that the companies themselves are now seeking to address.
“If we sent unencrypted keyboard strokes as if we were a mouse it started typing on the computer, typing at a 1,000 words per minute,” said Chris Rouland, the CTO and founder of Bastille.
This threatens to undermine all the good work that a lot of companies put into their network security and other cyber security measures, and it will be a major frustration that such a simple flaw has been allowed to compromise their efforts.
The company that discovered the flaw, Bastille, is now hoping to cash in with a new type of sensor system that monitors traffic over radio waves, as well as the traditional WiFi network.
Rouland said: “No one was looking at the air space. So I wanted to build this cyber X-ray vision to be able to see what was inside a corporation’s air space versus what was just plugged into the wired network or what was on a WiFi hotspot.”
Even today, new vulnerabilities are turning up in the most unlikely places, so any company that is concerned about its computer security should call in the experts for a thorough ground-up audit of their systems.