MouseJack is a collection of security vulnerabilities affecting non-Bluetooth wireless mice and keyboards. Spanning seven vendors, these vulnerabilities enable an attacker to type arbitrary commands into a victim’s computer from up to 100 meters away using a $15 USB dongle.

Wireless mice and keyboards commonly communicate using proprietary protocols operating in the 2.4GHz ISM band. In contrast to Bluetooth, there is no industry standard to follow, leaving each vendor to implement their own security scheme.

Wireless mice and keyboards work by transmitting radio frequency packets to a USB dongle plugged into a user’s computer. When a user presses a key on their keyboard or moves their mouse, information describing the actions is sent wirelessly to the USB dongle. The dongle listens for radio frequency packets sent by the mouse or keyboard, and notifies the computer whenever the user moves their mouse or types on their keyboard. Problems in the way the dongles process received packets make it possible for an attacker to transmit specially crafted packets which generate keypresses instead of mouse movement/clicks.

Nordic Semiconductor makes the popular nRF24L series of transceivers used in most of the devices vulnerable to MouseJack. The nRF24L transceivers provide a mechanism to wirelessly transmit data between two devices, but the functionality that turns mouse clicks and keypresses into bytes sent over the air is implemented by each vendor. From a research standpoint, this means that the same tools and procedures can be used to evaluate products from different vendors.

The nRF24L transceivers support multiple data rates, address lengths, packet formats, and checksums. To accommodate this, the initial research was performed using a USRP B210 Software Defined Radio, coupled with a custom GNU Radio block designed to decode all of the possible packet configurations. This proved fruitful, but there were drawbacks to using an SDR. None of the tested devices employ frequency hopping in the traditional sense, but they all change channels to avoid interference from other 2.4GHz devices (Bluetooth, Wi-Fi, etc). The channel hopping is generally unpredictable, and Software Defined Radios are slower to retune than the nRF24L radios. This makes it difficult for an SDR-based decoder to observe all of the transmitted packets.
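Why a decoder has to try every packet configuration, as an added example that is not from the original page or the researchers' tooling: it assumes the Enhanced ShockBurst framing in Nordic's nRF24L01+ datasheet, tests each address length and checksum width against a bit sequence, and keeps only the combinations whose CRC validates. The helper names and all sample bytes are constructed for illustration.

```python
# Added example. Framing follows Nordic's nRF24L01+ datasheet (Enhanced
# ShockBurst); helper names and all sample bytes are constructed.

def crc_bits(bits, width):
    """MSB-first CRC over a bit list: CRC-8 (poly 0x07) or CRC-16 (poly 0x1021), init all ones."""
    poly, mask = (0x07, 0xFF) if width == 8 else (0x1021, 0xFFFF)
    crc = mask
    for bit in bits:
        feedback = ((crc >> (width - 1)) & 1) ^ bit
        crc = (crc << 1) & mask
        if feedback:
            crc ^= poly
    return crc

def to_bits(value, nbits):
    return [(value >> (nbits - 1 - i)) & 1 for i in range(nbits)]

def from_bits(bits):
    return int("".join(map(str, bits)), 2) if bits else 0

def build_frame(address, payload, pid, crc_width):
    """Bits following the preamble: address | 9-bit control field | payload | CRC."""
    body = [b for byte in address for b in to_bits(byte, 8)]
    body += to_bits(len(payload), 6) + to_bits(pid, 2) + [0]  # length, PID, no-ack
    body += [b for byte in payload for b in to_bits(byte, 8)]
    return body + to_bits(crc_bits(body, crc_width), crc_width)

def decode_candidates(bits):
    """Return (address_len, crc_width, payload) for every configuration whose CRC validates."""
    hits = []
    for addr_len in (3, 4, 5):
        for crc_width in (8, 16):
            start = addr_len * 8 + 9                     # first payload bit
            if len(bits) < start:
                continue
            end = start + from_bits(bits[start - 9:start - 3]) * 8
            if end - start > 32 * 8 or len(bits) < end + crc_width:
                continue                                 # impossible length or truncated
            if crc_bits(bits[:end], crc_width) == from_bits(bits[end:end + crc_width]):
                payload = bytes(from_bits(bits[i:i + 8]) for i in range(start, end, 8))
                hits.append((addr_len, crc_width, payload))
    return hits

if __name__ == "__main__":
    # Constructed capture: 5-byte address, 4-byte payload, CRC-16, then trailing noise bits.
    capture = build_frame(bytes.fromhex("0102030405"), b"\x10\x20\x30\x40", 1, 16) + [1, 0, 1, 1, 0, 0, 1]
    for addr_len, crc_width, payload in decode_candidates(capture):
        print(f"address={addr_len} bytes, crc={crc_width} bits, payload={payload.hex()}")
```

An 8-bit CRC validates by chance roughly once in 256 wrong guesses, so a decoder working on live captures should confirm a configuration across several packets before trusting it.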