This may be optional, but a Windows user can’t actually ignore it.
How often do you check out Windows updates on your PC?
Rarely? Then you would hardly notice some security updates released on April 12.
Windows users who care about important updates may even miss it. Because the update that I am talking about is an optional one (Not a case for Windows 10 where automatic updates are enabled). You can still find this “KB3152550” update under optional updates list.
Microsoft has explained this update as “Update to Improve Wireless Mouse Input Filtering” in its knowledge base. It is targeted for protecting Windows computers against an attack called “MouseJack”.
This name “MouseJack” would not be familiar to you. It defines a class of issues that affects various wireless keyboards and mice. All you know, these devices are connected to the host computers by means of a radio transmitter- usually a USB dongle. Since, these keystrokes and mouse movements are sent over the air, hijacking these signals never been a tough task. Even up to 100-meter distance, attackers can exploit this vulnerability by sending rogue keystrokes to a computer -with a $15 device that can be purchased from Amazon.
Thanks to Bastille Networks– an IoT security firm for addressing this issue for the first time. Altogether, they have found almost nine vulnerabilities across these devices. For an attacker, it’ll take very less time to take full control of the computer in these situations.
Watch the video, to hear it from Bastille networks:
According to Bastille, this issue affected on seven different wireless dongle vendors- Microsoft, Dell, HP, Gigabyte, AmazonBasics, Logitech & Lenovo. Bluetooth devices are free from this.
The KB3152550 update claims to prevent such type of attack through a driver that filters keystroke from selected Microsoft wireless mice. (sorry to the users of other wireless mice brands). As per the security advisory report from Microsoft, these are the Microsoft’s wireless mice affected by this attack:
- Arc Touch Mouse
- Wireless Mouse 5000
- Wireless Mouse 2000
- Wireless Mouse 1000
- Sculpt Ergonomic mouse
- Sculpt Mobile Mouse
- Wireless Mobile Mouse 3500
- Wireless Mobile Mouse 4000
- Wireless Mobile Mouse 3000 v2.0
This update is available for Windows 7, 8, 8. 1 & 10 machines with standalone wireless mice. There’s no support for Windows Server machines and Mice coupled together with keyboards as part of Microsoft’s desktop set products.
Well, this update has received mixed reviews from tech geeks and writers. It’ll be interesting to see the tweet made by Marc Newlin, the security researcher at Bastille who actually figured out this vulnerability.
Certainly, Microsoft has to do more with these kinds of issues where cross-platform labelling is important. Not just Microsoft mice, the same problem exists with other devices too. A wise addressing is required to face this issue- not just from Microsoft side but anyone who sees better alternatives. Credits to Bastille networks for raising this issue.
A tech geek who wants to own and write about the coolest gadgets