How Hackable Is Your Wireless Keyboard and Mouse?

An Internet-of-things security startup says a flaw with some non-Bluetooth wireless keyboards and mouses makes it simple to hack into your computer.

Some of the computer dongles that come with wireless keyboards and mouses may offer hackers a fairly simple way to remotely access and take over your computer, according to a new report from Internet-of-things security startup Bastille.

Atlanta-based Bastille says it has determined that a number of non-Bluetooth wireless keyboards and mouses from seven companies—including Logitech, Dell, and Lenovo—have a design flaw that makes it easy for hackers from as far as about 90 meters away to pair with the dongle that these devices use to let you interact with your computer. A hacker could do things like control your computer or add malware to the machine.

The flaw points at yet another potential issue with the ever-growing number of connected devices, though it appears to work over a short range and still seems to be a hypothetical problem.

In tests, the company found around a dozen devices that were susceptible to the flaw, which it’s listing online. Most of them use a line of transceivers made by Nordic Semiconductor that do support 128-bit encryption, says Marc Newlin, a Bastille engineer who found the issue, but it’s up to the maker of the keyboards and mouses to apply it.

Bastille, which tracks malicious Internet-of-things activities by using sensors to track the electromagnetic signatures of Internet-connected devices, determined that while data transmitted by wireless keyboards tends to be encrypted, none of the mouses it tested encrypted their clicks. Also, while most of the keyboards the company tested do encrypt their data before sending it to the dongle, the dongles didn’t always require that the data be encrypted. Both of these things would make it possible for a hacker to fool the dongle on a victim’s computer into thinking that his remote clicks and keystrokes are legitimate.
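The acceptance policy described above, modelled as an added example (not Bastille's or any vendor's code): the frame layout, the key, and the HMAC tag standing in for the transceiver's 128-bit encryption are all assumptions made for illustration. It contrasts a dongle that treats protection as optional with one that requires every keystroke and mouse frame to be authenticated and fresh.

```python
import hashlib
import hmac
import struct

# Constructed values: frame layout, key and tag scheme are illustrative only.
KEY = bytes(range(16))            # 128-bit link key agreed at pairing
KEYSTROKE, MOUSE = 0x01, 0x02     # hypothetical input types
PROTECTED = 0x80                  # flag bit: frame carries counter + tag
TAG_LEN = 8

def _tag(key, body):
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def protected_frame(key, counter, kind, payload):
    """type|flag (1) + counter (4) + payload + truncated HMAC tag."""
    body = struct.pack(">BI", kind | PROTECTED, counter) + payload
    return body + _tag(key, body)

def plain_frame(kind, payload):
    """Unprotected frame, like the mouse traffic in the tests above."""
    return bytes([kind]) + payload

class Dongle:
    def __init__(self, key, require_protection):
        self.key = key
        self.require_protection = require_protection
        self.last_counter = -1

    def accept(self, frame):
        """Return True if the input would be passed on to the host."""
        if not frame:
            return False
        if not frame[0] & PROTECTED:
            # The design flaw: a lenient dongle takes plaintext at face value.
            return not self.require_protection
        if len(frame) < 5 + TAG_LEN:
            return False
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        if not hmac.compare_digest(tag, _tag(self.key, body)):
            return False              # not produced by the paired device
        (counter,) = struct.unpack(">I", body[1:5])
        if counter <= self.last_counter:
            return False              # replay of an earlier frame
        self.last_counter = counter
        return True
```

With `require_protection=True` the dongle drops plaintext mouse and keyboard frames alike, which is the behaviour the tested dongles did not always enforce.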

Newlin says that since each wireless keyboard or mouse has a unique radio frequency address, a hacker would simply use an inexpensive USB dongle to sniff the data packets being transmitted between, say, a mouse and the dongle connected to its computer to figure out that address. Then the hacker could transmit keystroke packets to the dongle as if he were the rightful user of the computer.

Bastille founder and chief technology officer Chris Rouland says the startup let the companies know about the devices it found to be vulnerable, and they’ve mostly been “very attentive” to the problem. Some of the products can be made more secure with a simple software update to the dongle, but most of them can’t be patched, he says, so the dongles would have to be replaced.

In a statement, Logitech’s senior director of engineering, Asif Ahsan, said the company came up with a software update to fix the problem. However, the vulnerability Bastille detected “would be complex to replicate” since it requires being physically close to the victim, he said, which makes it “a difficult and unlikely path of attack.”

“To our knowledge, we have never been contacted by any consumer with such an issue,” he added.

A Dell spokeswoman, meanwhile, said that the software on one of its two affected keyboard and mouse products can be patched. Another will require customers to contact the company’s technical support to find a “suitable replacement.” 

And in a security advisory released Tuesday, Lenovo said the issue, which affects a wireless keyboard, will be fixed in new devices but that customers with an existing version of the device can reach out to Lenovo customer support for a replacement.
