A cyber security firm looking to better patrol wireless traffic has uncovered a flaw that could potentially allow hackers to attack and take over computers using a wireless mouse connection. Ben Gruber reports.
STORY: Marc Newlin and Balint Seeber are checking how far apart they can be while still able to hack into each other's computers. It turns out it's pretty far - 180 meters - the length of this alley in downtown San Francisco. The pair work for Bastille, a start-up cyber security company that's uncovered a flaw it says leaves millions of networks and billions of computers vulnerable to attack. Wireless mice from various companies use unencrypted signals to communicate with computers. (SOUNDBITE) (English) MARC NEWLIN, SECURITY RESEARCHER, BASTILLE, SAYING: "Because they haven't encrypted the mouse traffic, that makes it possible for the attacker to send unencrypted traffic to the dongle pretending to be a keyboard and have it result as keystrokes on your computer and this would be the same as if the attacker was sitting at your computer typing on the keyboard." A hacker uses an antenna, a wireless chip called a dongle, and a simple line of code to trick the wireless chip connected to the target computer into accepting it as a mouse. (SOUNDBITE) (English) MARC NEWLIN, SECURITY RESEARCHER, BASTILLE, SAYING: "So the attacker can send data to the dongle, pretend it's a mouse but say 'actually I am a keyboard and please type these letters'." (SOUNDBITE) (English) CHRIS ROULAND, CTO &CO-FOUNDER, BASTILLE, SAYING: "If we sent unencrypted keyboard strokes as if we were a mouse it started typing on the computer, typing at a 1000 words per minute." And at a thousand words a minute, the hacker can take over the computer or gain access to a network in seconds. Chris Rouland says that while security standards at most companies are good at protecting networks and websites, they don't compensate for all cyber traffic across the entire radio spectrum. He says it's time to re-think cyber security, in a world where smart phones can transmit massive amounts of data per second. (SOUNDBITE) (English) CHRIS ROULAND, CTO &CO-FOUNDER, BASTILLE, SAYING: "No one was looking at the air space. So I wanted to build this cyber x-ray vision to be able to see what was inside a corporation's air space versus what was just plugged into the wired network or what was on a Wifi hotspot." Bastille hopes to offer new types of sensors that consider more of the threats present in an increasingly wireless world. For now it's keeping tabs on the wireless mouse problem and says some companies are offering firmware updates to correct the security issues. Bluetooth devices are not vulnerable to this type of attack.