Four in Five Companies Don’t Care About MouseJack Vulnerability
April 20, 2016
Shah Sheikh (1294 articles)

Companies are willing to take their chances with attackers rather than update or patch wireless mice that are vulnerable to the MouseJack vulnerability, a recent study has revealed.

Discovered this past February, MouseJack is a vulnerability in the protocol that sends data from wireless mice to their USB dongles.

According to Bastille, the company that discovered this issue, attackers can exploit a flaw in this protocol and send fake commands to a USB dongle, which fails to authenticate the data as coming from its paired device and sends the commands to the connected PC.

Attackers can use this flaw to install malware or take over devices at ranges of up to 100 meters (330 feet).

Microsoft addressed this problem last week, when it issued an optional update that prevents MouseJack attacks on some Microsoft-manufactured wireless mice.

MouseJack attacks haven’t scared companies into giving up wireless mice

Today, Bastille released the results of a survey of 900 professionals. The study reveals that, despite the ominous message behind MouseJack (that attackers can hijack your mouse from 100 meters away), most companies just don’t care.

Following MouseJack’s disclosure, 82 percent of the study’s respondents admitted their companies did not take steps to ban the use of wireless mice. In fact, 21 percent said they were not concerned that their wireless mouse could be hacked, and 16 percent claimed they’d continue to use their mouse even if it had the MouseJack vulnerability.

These responses show exactly why so many companies are getting hacked left and right these days. With a serious vulnerability exposing their corporate networks to any attacker within 100 meters, most respondents still thought of MouseJack as a rare type of hack that could never happen to them.

Nevertheless, 34 percent of the respondents said that, if they knew for certain that they were using a MouseJack-affected mouse, they would patch or fix it if a patch was available. Furthermore, 29 percent claimed they would replace it with a wired mouse, and 16 percent said they’d buy another wireless mouse that was not affected by this issue.

Taking into account that Bastille’s CEO revealed to Kaspersky’s ThreatPost that new proof-of-concept code and equipment allowed its researchers to raise the distance at which a MouseJack attack works from 100 to 225 meters (740 feet), the time to take MouseJack seriously has arrived.

Source | SoftPedia