THE WORLD OF INFORMATION SECURITY

MouseJacking - New era of wireless attacks



Are you using a wireless mouse or keyboard? Yes?

Meet MouseJack, a new attack affecting millions of wireless mice and keyboards. With $15 of hardware and 15 lines of code, an attacker could remotely hijack wireless mice and keyboards from up to 100 meters away. MouseJack is an undetectable attack which could lead to full PC and network compromise.

What is MouseJack?

Researchers from Bastille found a vulnerability in the protocol that governs how a wireless device and its dongle connect to each other. The vulnerability falls into one of three cases: keystroke injection by spoofing a mouse, keystroke injection by spoofing a keyboard, and forced pairing. It leaves millions of PCs and networks vulnerable to remote exploitation via radio frequencies.

What could the attacker do?

The vulnerability allows attackers to inject and execute commands on your computer from up to 100 meters away. For example, with a few commands they can obtain remote access to your computer to install malware, or steal sensitive information and send it out via email.

Requirements

  • Linux OS
  • SDCC (minimum version 3.1.0)
  • GNU Binutils
  • Python
  • PyUSB
  • Platformio

Supported Hardware

You could use one of these tested devices:

  • SparkFun nRF24LU1+ breakout board
  • Logitech Unifying dongle
  • CrazyRadio PA USB dongle



Vulnerable Vendors

  • Dell
  • AmazonBasics
  • Microsoft
  • Lenovo
  • Gigabyte
  • HP
  • Logitech 

How to protect yourself?

  • Unplug your wireless mouse and its dongle.
  • Use a wired mouse instead of a wireless one.
  • Update the dongle firmware.

 
