Last year, an IoT (Internet of Things) security firm called Bastille Networks uncovered an attack from an unexpected vector. Hackers can actually take control of your wireless mouse, which has no on-board security, and use the device to spoof keyboard inputs to the computer it is attached to. The hope was that by revealing details about such an attack, it would prompt manufacturers to finally begin better securing their devices.
On that front, it appears that they have begun to succeed in their mission. Microsoft has just announced a new patch that provides an added layer of security for certain wireless mice that they produce. The patch works by filtering mouse inputs to ensure that no QWERTY key frames come from the mouse, which of course, could never normally make them.
It’s a good move, and kudos to Microsoft for being the first company to provide better protection for its family of wireless mice, however, Marc Newlin of Bastille Networks was quick to criticize the offered patch for not going far enough.
The patch is effective for the following:
Sculpt Erogonomic mouse
Sculpt Mobile Mouse
Arc Touch Mouse
Wireless Mouse 5000
Wireless Mouse 2000
Wireless Mouse 1000
Wireless Mobile Mouse 4000
Wireless Mobile Mouse 3500
Wireless Mobile Mouse 3000 (v2.0)
The update is available for Windows 7, 8.1, and Windows 10 but notably not any edition of Windows Server. Also, the additional caveat is that it only provides protection for standalone wireless mice. If you purchased a bundled pair, keyboard and mouse, then the patch won’t do anything for you.
For these reasons, and because all non-Microsoft mice are still vulnerable, Mr. Newlin’s concerns are well founded. Nonetheless, it is undeniably a step in the right direction.
If you have any of the mice mentioned above, and want to provide yourself or your users with added protection, you can get the patch from the Microsoft website. Details on installing it are here: https://support.microsoft.com/en-us/kb/3152550 or feel free to contact our team and we can make sure that the proper updates are installed and your system is protected.