The pair work for Bastille, a startup cyber security company that
has uncovered a flaw they say leaves millions of networks and
billions of computers vulnerable to attack.
Wireless mice from companies like HP, Lenovo, Amazon and Dell use
unencrypted signals to communicate with computers.
"They haven't encrypted the mouse traffic, that makes it possible
for the attacker to send unencrypted traffic to the dongle
pretending to be a keyboard and have it result as keystrokes on your
computer. This would be the same as if the attacker was sitting at
your computer typing on the computer," said Newlin, a security
researcher at Bastille.
A hacker uses an antenna, a wireless chip called a dongle, both
available for the less $20 (USD), and a simple line of code to trick
the wireless chip connected to the target computer into accepting it
as a mouse.
"So the attacker can send data to the dongle, pretend it's a mouse
but say 'actually I am a keyboard and please type these letters',"
"If we sent unencrypted keyboard strokes as if we were a mouse it
started typing on the computer, typing at a 1000 words per minute,"
said Chris Rouland, the CTO and Founder of Bastille.
At a thousand words a minute, the hacker can take over the computer
or gain access to a network within seconds.
[to top of second column]
Rouland says that while companies are very good at encrypting and
securing their networks and websites, they do not compensate for all
cyber traffic across the entire radio spectrum. He says it's time to
re-think cyber security, especially in the world where smart phones
are capable of transmitting massive amounts of data per second.
"No one was looking at the air space. So I wanted to build this
cyber x-ray vision to be able to see what was inside a corporation's
air space versus what was just plugged into the wired network or
what was on a Wifi hotspot," said Rouland.
Bastille is hoping to cash in on its security flaw findings and
offer new types of sensors that take into account more of the
threats present in a wireless world.
In the meantime, Bastille is keeping tabs on the wireless mouse
problem. They say some companies are starting to offer firmware
updates to correct the security issues. Bluetooth devices are not
vulnerable to this type of attack.
[© 2016 Thomson Reuters. All rights
Copyright 2016 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.