You are at work, sitting at your desk in front of your computer, aimlessly scrolling through Facebook (it’s fine, you tell yourself, it’s your lunch break). Suddenly you see that you have just “liked” a picture posted by someone you went to school with 15 years ago – awkward! But you are sure that you did not click anything; you know to be more careful than that. Then, you see something being typed in the search bar and now you know for sure that you are not the one typing. What is going on? Who is doing this? How are they doing this? Well, the USB dongle that your wireless mouse and keyboard use to communicate with the host computer has been compromised. Instead, your benign dongle has been replaced with a malicious $15 USB device that allows an attacker to impersonate your mouse or keyboard. This is known as MouseJacking. The bad actor can actually move your mouse and/or type keystrokes from up to 100 meters away. So, no, it was not you that “liked” your peer’s picture, but the attacker obviously found it worthy of one.
In a more perilous situation, the perpetrator might perform a MouseJack attack on a target organization in order to obtain sensitive information or compromise the network. By impersonating the mouse and keyboard, the malicious actor can install malware and rootkits, or copy files off the computer in seconds, having damaging consequences for the victim. In addition to performing these actions, the USB dongle also receives the information describing the actions of the user, such as how they move their mouse and which keys they are pressing on the keyboard. With this, the attacker can obtain sensitive information such as usernames, passwords, security question answers and credit card information. By gaining login credentials, the perpetrator can gain access to the network where more damage can be done. In cases where credit card information is stolen, this can be sold on the black market and used for credit card fraud.
A MouseJack attack can be extremely dangerous as it allows a bad actor to infiltrate an organization without being detected since the computer will not recognize the malicious nature of the device. Being recognized as a genuine HID means that this hardware device will not raise any security alarms and the organization will not know that they are being attacked until it is too late. Sepio Systems’ Hardware Access Control Solution (HAC-1) provides organizations with complete visibility into all devices operating over network and USB interfaces, as well as identifying those which are acting in anomalous ways. By providing total visibility, a stronger cybersecurity posture is achieved and the risk of a successful MouseJack attack is significantly reduced.
So, that innocent mouse or keyboard that you are using might be one of your greatest security threats.