Companies are willing to take their chances with attackers rather than update or patch wireless mice that are vulnerable to the MouseJack vulnerability, a recent study has revealed.
Discovered this past February, MouseJack is a vulnerability in the protocol that sends data from wireless mice to their USB dongles.
According to Bastille, the company that discovered this issue, attackers can exploit a flaw in this protocol and send fake commands to a USB dongle, who fails to authenticate the data as coming from its paired device, and sends the commands to the connected PC.
Attackers can use this flaw to install malware or take over devices from ranges up to 100 meters (330 feet).
Microsoft addressed this problem last week when it issued an optional update that prevents MouseJack attacks for some Microsoft-manufactured wireless mice.
MouseJack attacks haven't scared companies in giving up wireless mice
Today, Bastille has released the results of a survey of 900 professionals, which reveals that despite the ominous message behind MouseJack, that attackers can hijack your mouse from 100 meters away, most companies just don't care.
Following MouseJack's disclosure, 82 percent of the study's respondents said their companies have not taken steps to outlaw the usage of wireless mice. In fact, 21 percent said they were not concerned that their wireless mouse could be hacked, and 16 percent said they’d continue to use their mouse even if it had the MouseJack vulnerability.
These responses show exactly why so many companies are getting hacked left and right these days. With a serious vulnerability exposing their corporate networks to any attacker within 100 meters, most respondents still thought off MouseJack as a rare type of hack that could never happen to them.
Nevertheless, some of the respondents said that if they precisely knew that they were using a MouseJack affected mouse, 34 percent said would patch or fix it if a patch would be available. Furthermore, 29 percent said they would replace it with a wired mouse, and 16 percent said they'd buy another wireless mouse that was not affected by this issue.
Taking into account that Bastille's CEO revealed to Kaspersky's ThreatPost that new proof-of-concept code and equipment has allowed its researchers to raise the distance at which a MouseJack attack works from 100 to 225 meters (740 feet), the time to take MouseJack seriously has arrived.
Discovered this past February, MouseJack is a vulnerability in the protocol that sends data from wireless mice to their USB dongles.
According to Bastille, the company that discovered this issue, attackers can exploit a flaw in this protocol and send fake commands to a USB dongle, who fails to authenticate the data as coming from its paired device, and sends the commands to the connected PC.
Attackers can use this flaw to install malware or take over devices from ranges up to 100 meters (330 feet).
Microsoft addressed this problem last week when it issued an optional update that prevents MouseJack attacks for some Microsoft-manufactured wireless mice.
MouseJack attacks haven't scared companies in giving up wireless mice
Today, Bastille has released the results of a survey of 900 professionals, which reveals that despite the ominous message behind MouseJack, that attackers can hijack your mouse from 100 meters away, most companies just don't care.
Following MouseJack's disclosure, 82 percent of the study's respondents said their companies have not taken steps to outlaw the usage of wireless mice. In fact, 21 percent said they were not concerned that their wireless mouse could be hacked, and 16 percent said they’d continue to use their mouse even if it had the MouseJack vulnerability.
These responses show exactly why so many companies are getting hacked left and right these days. With a serious vulnerability exposing their corporate networks to any attacker within 100 meters, most respondents still thought off MouseJack as a rare type of hack that could never happen to them.
Nevertheless, some of the respondents said that if they precisely knew that they were using a MouseJack affected mouse, 34 percent said would patch or fix it if a patch would be available. Furthermore, 29 percent said they would replace it with a wired mouse, and 16 percent said they'd buy another wireless mouse that was not affected by this issue.
Taking into account that Bastille's CEO revealed to Kaspersky's ThreatPost that new proof-of-concept code and equipment has allowed its researchers to raise the distance at which a MouseJack attack works from 100 to 225 meters (740 feet), the time to take MouseJack seriously has arrived.
