Page 185 - Cyber Defense eMagazine January 2024
nearby. The best way to prevent such attacks is to use SATA jammers, which detect suspicious read and
write operations initiated from legitimate software and distort that signal.
2.4 Far Field Electromagnetic Side-Channel Attack
It has been demonstrated that AES-128 encryption can be broken through an electromagnetic side-channel attack. The attacker must be within a 15-meter radius of the target to perform it. This was accomplished using a deep neural network and a convolutional neural network with an input size of 110 (R. Wang, H. Wang, and E. Dubrova, 2020). If sensitive information such as an AES key can be retrieved from about 15 meters away simply by sniffing the electromagnetic side-channel signals, that is strong evidence that other information can likewise be intercepted and stolen by anyone in proximity to an unaware victim.
2.5 Bastille Research
The Bastille Research team has conducted several research projects on wireless security threats. Their discoveries include rogue Wi-Fi hotspots, eavesdropping and surveillance devices, wireless camera exploits, home security systems, IoT device exploits, and rogue cell towers that can be used to hijack mobile phone connections in order to listen to others' phone calls, read text messages, break 2-factor authentication and push malware to victims' phones (Bastille Research Team, 2017). They have also discovered several exploits affecting wireless peripheral devices such as mice and keyboards. KeySniffer is an exploit that targets non-Bluetooth wireless devices that do not encrypt their radio communication; it allows an attacker to intercept every keystroke entered by the victim from several hundred feet away (Marc Newlin, 2016a), so usernames, passwords, credit card details, sensitive transactions, and any other information typed by the victim can be captured. KeyJack is another exploit discovered by the Bastille Research team; it allows a malicious user to inject encrypted keystrokes into a vulnerable USB dongle without access to the encryption key (Marc Newlin, 2016b).
3. Mousejack Exploit Technical Details
Mousejack is a class of vulnerability affecting non-Bluetooth wireless peripheral devices such as mice and keyboards that connect through USB dongles. This section covers in depth how mouse clicks and keystrokes can be sniffed and how maliciously crafted keystrokes can be injected to compromise a victim machine. An attacker can take complete control of the target computer without any physical access by launching this attack with a dongle that costs less than $15.
The Mousejack attack comprises three methods that can be used to sniff transmitted radio traffic or to inject keystrokes to compromise the victim's device. The three methods are:
3.1 Injecting keystrokes as a spoofed mouse
Most manufacturers of wireless peripheral devices encrypt only the connection between keyboards and dongles. They do not encrypt the connection between the mouse and the dongle, because it carries only mouse movement and left or right click signals, which are assumed not to be sensitive. Because of this lack of encryption and authentication, the USB dongle directly accepts and processes data packets from any rogue, spoofed mouse.
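As an added illustration (not code from the article or from Bastille Research), the following Python models the dongle receive path just described beside a hardened one. The frame layout, the pairing key, the device-type byte and the report convention are all constructed assumptions, not any real product's protocol. The vulnerable path accepts anything tagged as a mouse frame, keystroke reports included; the hardened path authenticates every frame, rejects replays, and refuses keystroke reports on the mouse channel.

```python
import hashlib, hmac, struct

# Constructed values: a pairing key shared by keyboard and dongle, and a
# device-type byte carried at the start of each radio frame (both assumed).
KEY = b"constructed-pairing-key"
MOUSE, KEYBOARD = 0x01, 0x02

def build_frame(dev_type, payload, key=None, counter=0):
    """Assumed frame layout: type | counter | payload [| 8-byte MAC].
    The MAC is present only when the sender holds the pairing key."""
    body = struct.pack("<BI", dev_type, counter) + payload
    if key is None:
        return body
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

def is_keystroke(payload):
    # Constructed report convention: keystroke reports start with b"K", mouse reports with b"M".
    return payload[:1] == b"K"

def mac_ok(body, mac):
    return hmac.compare_digest(mac, hmac.new(KEY, body, hashlib.sha256).digest()[:8])

def vulnerable_dongle(frame):
    """Receive path as the article describes it: keyboard frames are checked, but a
    frame claiming to be from a mouse is processed unchecked, whatever report it carries."""
    if frame[0] == MOUSE:
        return "accepted", frame[5:]
    body, mac = frame[:-8], frame[-8:]
    return ("accepted", body[5:]) if mac_ok(body, mac) else ("rejected", None)

class HardenedDongle:
    """Every frame must carry a valid MAC and a fresh counter, regardless of
    device type, and keystroke reports are never accepted from a mouse."""
    def __init__(self):
        self.last_counter = {}
    def receive(self, frame):
        if len(frame) < 13:                      # header (5) + MAC (8) at minimum
            return "rejected", None
        body, mac = frame[:-8], frame[-8:]
        if not mac_ok(body, mac):
            return "rejected", None              # unauthenticated or tampered frame
        dev_type, counter = struct.unpack("<BI", body[:5])
        payload = body[5:]
        if counter <= self.last_counter.get(dev_type, -1):
            return "rejected", None              # replayed frame
        if dev_type == MOUSE and is_keystroke(payload):
            return "rejected", None              # report type does not match device type
        self.last_counter[dev_type] = counter
        return "accepted", payload
```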
Cyber Defense eMagazine – January 2024 Edition 185
Copyright © 2024, Cyber Defense Magazine. All rights reserved worldwide.