Researchers at Bastille Networks have discovered a flaw in some keyboard and mouse dongles that could allow an attacker located within 100 meters of the computer to execute commands on the system through the dongle. The computer receives the commands as if they were typed by the user sitting at the system.

The “Mousejack” attack capitalizes on a gap in the security of non-Bluetooth mice and keyboards from seven different vendors that use Logitech’s Unifying wireless USB technology. According to Bastille, “Once paired, the Mousejack operator can insert keystrokes or malicious code with the full privileges of the PC owner and infiltrate networks to access sensitive data. The attack is at the keyboard level, therefore PCs, Macs, and Linux machines using wireless dongles can all be victims.”

The Bastille Networks website has a dramatic video showing how the attack works. See the article at the Threatpost site for additional information.