Original Post: http://www.cnet.com/news/i-got-mousejacked/
They broke in like it was nothing. They could have wiped my hard drive, stolen my files, or practically anything nefarious you can do with a computer.
All because I had a wireless mouse dongle plugged into my laptop. And all they needed was a simple antenna that costs as little as $15 at Amazon.
Thankfully, "they" were a pair of security researchers from a company called Bastille, and every company that builds wireless mice and keyboards has already been alerted to the issue. If you have a Logitech Unifying receiver, there's already a fix. (Here is a link to a patch provided to us by Logitech:RQR_012_005_00028.exe.)
But if not, you too might be vulnerable to this technique. They're calling it a "Mousejack."
What Bastille security researcher Marc Newlin discovered was this. If you can send out a wireless signal that pretends to be a wireless mouse, most wireless USB dongles will happily latch onto it -- no questions asked. Then, you can have that fake wireless mouse pretend to be a wireless keyboard -- and start controlling someone else's computer.