Wireless mice and keyboards alarm: they can be hacked

Computer researcher Marcus Mengs has discovered security flaws that affect wireless keyboards and mice and put our data in danger

If you have a wireless mouse or keyboard then be very careful: they could become the gateway for viruses or malware and a hacker in a few minutes could use them to enter your PC and steal all your data, as well as destroy it.

The alarm comes from researcher Marcus Mengs, who explains that the problem lies mainly in some security flaws in the dongle (the small USB stick that serves to send input to mice and keyboards, but also pointers for presentations and other devices). Although the flaw has been found on Logitech devices, it would be a generalized alert, not related to a specific product or brand: Meng has not done specific tests, but other wireless pointing devices, equipped with the same chip but produced by other brands, could also be vulnerable.

Why wireless mice and keyboards are dangerous

Mengs has discovered that, during the pairing phase between the pointing device and the dongle, a hacker could get in the way and enter our system. At that point he could do anything: transmit viruses or steal data, for example. The vulnerabilities found by Marcus Meng total seven, and not all of them have already been patched.

The incriminated dongles

According to Mengs, the vulnerabilities impact all Logitech USB dongles that use Logitech's proprietary "Unifying" 2.4 GHz radio technology, the first version of which dates back to 2009. The dongles are often found with wireless keyboards, mice, presentation clickers and trackballs.

The MouseJack of 2016

This is not the first time security flaws have been discovered in wireless dongles for pointing devices. Back in 2016, another researcher, Marc Newlin, discovered the vulnerability that later became known as "MouseJack." It was a flaw very similar to those discovered by Marcus Meng, a sign that the wireless connection applied to mice and keyboards can be very dangerous. Not least because, and this is particularly serious, Mengs discovered that there are still devices on the market that are vulnerable to 2016's MouseJack. And that, as you'll understand, multiplies the number of potentially attackable devices.