Skip to Content

How Hackable Is Your Wireless Keyboard and Mouse?

An Internet-of-things security startup says a flaw with some non-Bluetooth wireless keyboards and mouses makes it simple to hack into your computer.
February 23, 2016

Some of the computer dongles that come with wireless keyboards and mouses may offer hackers a fairly simple way to remotely access and take over your computer, according to a new report from Internet-of-things security startup Bastille.

Atlanta-based Bastille says it has determined that a number of non-Bluetooth wireless keyboards and mouses from seven companies—including Logitech, Dell, and Lenovo—have a design flaw that makes it easy for hackers from as far as about 90 meters away to pair with the dongle that these devices use to let you interact with your computer. A hacker could do things like control your computer or add malware to the machine.

The flaw points at yet another potential issue with the ever-growing number of connected devices, though it appears to work over a short range and still seems to be a hypothetical problem.

In tests, the company found around a dozen devices that were susceptible to the flaw, which it’s listing online. Most of them use a line of transceivers made by Nordic Semiconductor that do support 128-bit encryption, says Marc Newlin, a Bastille engineer who found the issue, but it’s up to the maker of the keyboards and mouses to apply it.

Bastille, which tracks malicious Internet-of-things activities by using sensors to track the electromagnetic signatures of Internet-connected devices, determined that while data transmitted by wireless keyboards tends to be encrypted, none of the mouses it tested encrypted their clicks. Also, while most of the keyboards the company tested do encrypt their data before sending it to the dongle, the dongles didn’t always require that the data be encrypted. Both of these things would make it possible for a hacker to fool the dongle on a victim’s computer into thinking that his remote clicks and keystrokes are legitimate.

Newlin says that since each wireless keyboard or mouse has a unique radio frequency address, a hacker would simply use an inexpensive USB dongle to sniff the data packets being transmitted between, say, a mouse and the dongle connected to its computer to figure out that address. Then the hacker could transmit keystroke packets to the dongle as if he were the rightful user of the computer.

Bastille founder and chief technology officer Chris Rouland says the startup let the companies know about the devices it found to be vulnerable, and they’ve mostly been “very attentive” to the problem. Some of the products can be made more secure with a simple software update to the dongle, but most of them can’t be patched, he says, so the dongles would have to be replaced.

In a statement, Logitech’s senior director of engineering, Asif Ahsan, said the company came up with a software update to fix the problem. However, the vulnerability Bastille detected “would be complex to replicate” since it requires being physically close to the victim, he said, which makes it “a difficult and unlikely path of attack.”

“To our knowledge, we have never been contacted by any consumer with such an issue,” he added.

A Dell spokeswoman, meanwhile, said that the software on one of its two affected keyboard and mouse products can be patched. Another will require customers to contact the company’s technical support to find a “suitable replacement.” 

And in a security advisory released Tuesday, Lenovo said the issue, which affects a wireless keyboard, will be fixed in new devices but that customers with an existing version of the device can reach out to Lenovo customer support for a replacement.

Keep Reading

Most Popular

Geoffrey Hinton tells us why he’s now scared of the tech he helped build

“I have suddenly switched my views on whether these things are going to be more intelligent than us.”

ChatGPT is going to change education, not destroy it

The narrative around cheating students doesn’t tell the whole story. Meet the teachers who think generative AI could actually make learning better.

Meet the people who use Notion to plan their whole lives

The workplace tool’s appeal extends far beyond organizing work projects. Many users find it’s just as useful for managing their free time.

Learning to code isn’t enough

Historically, learn-to-code efforts have provided opportunities for the few, but new efforts are aiming to be inclusive.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.