Remember how the problems you had with the nightmare of tangled cables going in and out of your computer went away the day you discovered wireless devices? In fact, you swore never to touch a wired device again after buying a keyboard and mouse capable of communicating with your computer without needing to be physically connected to it. You even went as far as to replace your laptop’s touchpad with a mouse that communicates with your computer via a small USB connector as if by magic.
Well, we have news for you: A group of security experts have discovered that these devices, as convenient as they are, are not very safe. Cyber-criminals can take control of users’ computers remotely by exploiting flaws found in wireless keyboards and mice from seven major manufacturers (Logitech, Dell, Microsoft, HP, Amazon, Gigabyte and Lenovo).
The security hole affects millions of devices that use chips sold by the Norwegian firm Nordic Semiconductor. These chips allow devices to establish short-range radio communication with the target computer. Although the chips are capable of encryption, vendors must write their own firmware to implement that encryption and secure the connection between computers and peripheral devices. However, many companies do not take the precaution of encrypting those communications.
And even if they did, it wouldn’t be much use. The companies that do encrypt their communications do not properly authenticate communicating devices, allowing rogue devices to inject unencrypted keystrokes over the same connection. In fact, the security experts who unveiled this vulnerability found several flaws in the firmware of the keyboards and mice that use those chips.
A simple and affordable USB adapter with an antenna and a laptop were all they needed to demonstrate that it is possible to interfere with the radio protocol these devices use to communicate with their USB dongle, and to send commands to the target computer. To do that, the target computer must be relatively close to the antenna, although they have been able to control Lenovo wireless devices from 180 meters away.
So, any attacker that used the method discovered by these researchers could take over a computer without laying a finger on its mouse or keyboard. The commands sent by the hacker would be interpreted by the computer as coming from the legitimate device.
Now, what could an attacker who took advantage of this flaw actually do on the affected system? Nothing much, really. Even if they managed to access the targeted computer, they wouldn’t be able to see its screen, so even unlocking the computer would be a difficult task without knowing the relevant password.
According to these experts, if the computer were actually unlocked, the cyber-crook would be able to download malware that could allow them to take full control of the computer.
However, the attacker would only have the same privileges as the legitimate user. If the computer were in an office, for example, they probably wouldn’t have the necessary permissions to install malicious programs on it.
A Logitech spokesperson has already claimed that the “vulnerability would be complex to replicate” and “is therefore a difficult and unlikely path of attack.” Despite that, the company has decided to develop a firmware update for the affected devices.
Similarly, Lenovo has announced that it will give users the option to replace the affected devices. Microsoft, however, has stated only that it will launch an update as soon as possible.
This is not the first time that researchers have warned of the dangers of wireless keyboards and mice. Last year, renowned security expert Samy Kamkar developed KeySweeper, a keylogger hidden in a fake USB charger that logged the keystrokes typed on any Microsoft wireless keyboard. With the help of an Arduino board, anyone could develop this keylogger software and find out what others were typing.
This research is extremely significant as it demonstrates that millions of devices are vulnerable. Taking into account that it may encourage cyber-criminals to start doing some tests, it may be a good idea to start updating your devices’ firmware whenever possible, and even replace vulnerable keyboards and mice with wired peripherals or, better still, wireless devices that communicate with computers via Bluetooth.
Bear this in mind, however: as cyber-crooks need to be close to the target device to carry out this attack, it seems logical that they would set their sights on companies rather than home users. But don’t lower your guard: prevention is better than cure…