Microsoft unleashes a MouseJack patch that may or may not actually work

Microsoft Sculpt Ergonomic Keyboard USB receiver
Microsoft has released an optional update that addresses a hacking technique called “MouseJack.” The update patches a number of Microsoft-based wireless mice including the Sculpt Ergonomic mouse, the Arc Touch mouse, the Wireless Mouse 1000/2000/5000, and several others. This update does not address other mice manufactured by third-party suppliers.

“A vulnerability has been discovered that allows keyboard HID packets to be injected into Microsoft wireless mouse devices through USB dongles,” the company reports. “USB dongles will accept keyboard HID packets transmitted to the RF addresses of wireless mouse devices.”

According to Microsoft, the provided update actually filters out QWERTY key packets in keystroke communications issued from the receiving USB dongle to the wireless mouse device. The security issue currently resides in both 32-bit and 64-bit versions of Windows 7 Service Pack 1, Windows 8.1, Windows 10, and Windows 10 Version 1511.

Ok, so what’s this MouseJack business all about? It’s a technique that focuses on non-Bluetooth wireless keyboards and mice. These peripherals are connected to a desktop or laptop thanks to a dongle inserted into the USB port, enabling wireless transmissions between the host computer and the peripheral. The problem is that because these signals are sent over the air, hackers can use a special device to send their own malicious signals to the host PC in the same manner.

Security firm Bastille Research actually has a website dedicated to MouseJack information, and reports that hackers can take over a PC from up to 328 feet away. They can perform “rapidly malicious activities” without being detected by the device owner simply by sending scripted commands. Hackers can even type in arbitrary text as if the victims actually entered the text themselves.

“The MouseJack exploit centers around injecting unencrypted keystrokes into a target computer,” the firm states. “Mouse movements are usually sent unencrypted, and keystrokes are often encrypted (to prevent eavesdropping what is being typed). However, the MouseJack vulnerability takes advantage of affected receiver dongles, and their associated software, allowing unencrypted keystrokes transmitted by an attacker to be passed on to the computer’s operating system as if the victim had legitimately typed them.”

There is a list of vulnerable devices located here, including products manufactured by AmazonBasics, Dell, Gigabyte, HP, Lenovo, Logitech, and Microsoft. Dell actually provided a statement on February 23, saying that it has been working with Bastille Research to address the problem related to the KM632 and the KM714 devices.

Although Microsoft has issued an update to fix the MouseJack problem with its mice, security researcher Marc Newlin says that Windows customers using Microsoft-based mice are still vulnerable to MouseJack despite the patch. Even more, he says that injection still works against the Sculpt Ergonomic mouse and all non-Microsoft mice. There’s also no Windows Server support in the patch.

For more information about the new patch and how to perform a manual install, check out the Microsoft Security Advisory 3152550 here. Otherwise, Microsoft customers using one of its listed wireless products might want to consider grabbing the update when it arrives via Windows Update.

Apple

Apple may be developing a new iPod Touch to woo younger users

Apple may be developing its first new iPod touch model since 2015 as it aims to capture younger users who are not yet ready for their own smartphone, and expand its overall listening base in the future.
Mobile

The Motorola Razr may return as a foldable phone — for $1,500

The Motorola Razr V3 is one of the world's most iconic phones, and it could be making a stylistic return in the form of a foldable Motorola smartphone -- but it may cost around $1,500. Is the nostalgia worth it?
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Mobile

Apple AirPods may be used to spy on conversations, but please don’t

Apple added Live Listen to the AirPods through the iOS 12 update last September, to help users with minor hearing issues. However, a viral tweet is suggesting that the feature may be used to eavesdrop on the conversations of other people.
Computing

Don't spend a fortune on a PC. These are the best laptops under $300

Buying a laptop needn't mean spending a fortune. If you're just looking to browse the internet, answer emails, and watch Netflix, you can pick up a great laptop at a great price. These are the best laptops under $300.
Computing

Dell XPS 13 vs. Asus Zenbook 13: In battle of champions, who will be the victor?

The ZenBook 13 UX333 continues Asus's tradition of offering great budget-oriented 13-inch laptop offerings. Does this affordable machine offer enough value to compete with the excellent Dell XPS 13?
Product Review

LG Gram 14 proves 2-in-1 laptops don’t need to sacrifice battery for light weight

The LG Gram 14 2-in-1 aims to be very light for a laptop that converts to a tablet. And it is. But it doesn’t skimp on the battery, and so it lasts a very long time on a charge.
Gaming

Take a trip to a new virtual world with one of these awesome HTC Vive games

So you’re considering an HTC Vive, but don't know which games to get? Our list of 25 of the best HTC Vive games will help you out, whether you're into rhythm-based gaming, interstellar dogfights, or something else entirely.
Computing

The Asus ZenBook 13 offers more value and performance than Apple's MacBook Air

The Asus ZenBook 13 UX333 is the latest in that company's excellent "budget" laptop line, and it looks and feels better than ever. How does it compare to Apple's latest MacBook Air?
Computing

AMD Radeon VII will support DLSS-like upscaling developed by Microsoft

AMD's Radeon VII has shown promise with early tests of an open DLSS-like technology developed by Microsoft called DirectML. It would provide similar upscale features, but none of the locks on hardware choice.
Computing

You could be gaming on AMD’s Navi graphics card before the end of the summer

If you're waiting for a new graphics card from AMD that doesn't cost $700, you may have to wait for Navi. But that card may not be far away, with new rumors suggesting we could see a July launch.
Computing

Is AMD's Navi back on track for 2019? Here's everything you need to know

With a reported launch in 2019, AMD is focusing on the mid-range market with its next-generation Navi GPU. Billed as a successor to Polaris, Navi promises to deliver better performance to consoles, like Sony's PlayStation 5.
Computing

Cortana wants to be friends with Alexa and Google Assistant

Microsoft no longer wants to compete against Amazon's Alexa and Google's Assistant in the digital assistant space. Instead, it wants to transform Cortana into a skill that can be integrated into other digital assistants.
Computing

Microsoft leans on A.I. to resume safe delivery of Windows 10 Update

Microsoft is leaning on artificial intelligence as it resumes the automatic rollout of the Windows 10 October 2018 Update. You should start seeing the update soon now that Microsoft has resolved problems with the initial software.