
Hackers could "mousejack" your computer

If you use a wireless mouse with your computer, beware: You could be at risk of getting "mousejacked."

That's the term being used to describe a recently discovered security flaw that could allow hackers to exploit a wireless mouse to access anything on the computer.

The security firm Bastille, which discovered the problem, says a hacker would just need a $15 antenna and a few lines of malicious computer code.

As CNET explains:

What Bastille security researcher Marc Newlin discovered was this. If you can send out a wireless signal that pretends to be a wireless mouse, most wireless USB dongles will happily latch onto it -- no questions asked. Then, you can have that fake wireless mouse pretend to be a wireless keyboard -- and start controlling someone else's computer.

"If you have a wireless mouse I can attach and impersonate a wireless keyboard and arbitrarily send it any commands I want to your computer," said Bastille founder Chris Rouland as he demonstrated the hack. Once hackers get in, "They can do anything to your computer that you could as if you were sitting at it," he said.

But the hackers would have to be within 200 meters (about 656 feet) of the targeted mouse and computer in order to pull it off, offering users some degree of protection at home or the office. Users who connect to a wireless mouse in a public area like a coffee shop or airport are more likely to be at risk from a hacker lurking in the crowd.

The problem could potentially affect millions of wireless mice that are connected via USB dongles. It does not affect devices that connect via Bluetooth.

The "mousejack" vulnerability affects wireless mice that connect via a USB dongle like this one.
CNET

Bastille says it discovered the flaw in November and notified companies that make wireless mice and keyboards so that they could patch it. (For users with Logitech Unifying receivers, Logitech is already providing a patch, available here: RQR_012_005_00028.exe.)

Logitech released a statement downplaying concern about the risk: "The vulnerability would be complex to replicate and would require physical proximity to the target. It is therefore a difficult and unlikely path of attack."

Consumers with other brands of wireless mice should check with the makers about a patch or replacement. "In the case of Microsoft, Amazon, Dell, HP and Gigabyte users, they may need to purchase new devices. They can switch to wired devices," Rouland said.