A study on Rogue Wireless Devices with Detection of Mousejack Attacks and Vulnerabilities

Abstract

A computer can be access unwillingly without the owner’s consent and knowledge by a rogue device through the USB dongle that are plugged to the computer to communicate with wireless mouse and keyboard. Malicious activity can be performed on targeted computer once access is acquired. This is what they called as Mousejack. The study revolves around the wireless mouse and keyboard that are readily available in market. Two wireless desktop set from two big name in the industry have been choose as the test subject which is Logitech and Microsoft. The methodology of the study starts with documentation analysis where Open Source Intelligence (OSINT) is gathered to acquire as much as possible information regarding the test subject such as the operate frequency, data rate and communication protocol. Other related materials to the study are also gathered. Then, the study proceeds to radio-based analysis where the test subject is analyzed for any weakness and vulnerabilities exist on its communication protocol that could be taken advantage of. With the knowledge gathered from the OSINT and radio-based analysis, a penetration testing is conducted to test our findings and as the proof of concept. Result shows that there are several vulnerabilities such as unencrypted communication or poor implementation of encryption that could lead to Mousejack. Several mitigation measures are then proposed to prevent and counter such attack. The study gave the insight on the subject discussed upon its audience. Therefore, it is expected to increase the awareness among manufacturers and users to take a counter measure action against the Mousejack attack.