PDA

View Full Version : Asus Spatha / MouseJack / Encryption



andy_9_9_9_9
04-24-2017, 03:10 AM
Hi!

Does anyone know if the Asus Spatha is affected by the MouseJack hack if used in wireless mode? I know it can be used in wired mode too, but I am interested in a mouse that securely works wireless. Does anyone here know if it is using AES for encryption as recommended? Maybe someone from Asus? The specs don't mention anything about encryption. I like the idea of having replaceable buttons. Had a RAT7 and they had to send 2 additional ones of them because the 5Million click Omrons failed during warranty multiple times. I could even correctly predict when the last one failed up to the month.

Andy

JustinThyme
04-24-2017, 04:19 AM
I dont believe its encrypted.
its 2.4 Ghz and wont pair with anything but a Spatha mouse.
While anything is possible Id doubt you have anything to worry about on that avenue no matte what you are using. Thing is an attack would have to be in a proximity and submitting mouse clicks blindly to what, empty space? It wont run a key board so they cant send keystrokes. The most vulnerable are Logitech unifying receivers that also host keyboards and even then statistics just arent there. Logitech says that in the history of the unifying receivers in 2007 they have zero reports of any such activity. The biggest challenge to such an attack is the fact they are flying blind. Simply launching keystrokes isn't enough.

andy_9_9_9_9
04-24-2017, 02:54 PM
I dont believe its encrypted.
its 2.4 Ghz and wont pair with anything but a Spatha mouse.
While anything is possible Id doubt you have anything to worry about on that avenue no matte what you are using. Thing is an attack would have to be in a proximity and submitting mouse clicks blindly to what, empty space? It wont run a key board so they cant send keystrokes. The most vulnerable are Logitech unifying receivers that also host keyboards and even then statistics just arent there. Logitech says that in the history of the unifying receivers in 2007 they have zero reports of any such activity. The biggest challenge to such an attack is the fact they are flying blind. Simply launching keystrokes isn't enough.

I guess you know that MouseJack is specifically targetting 2.4GHz mice.

According to mousejack.com it works up to 100 meters, dunno if this is still close proximity, especially if population is dense like in a city. Logitech is aware of the problem and has issued patches for most mice afaik. Microsoft too. As long as the keyboard works anything is possible, such as changing passwords or even installing a trojan. There is even some working shell code integrated into metasploit launching a powershell script allowing to connect through HTTP: https://github.com/insecurityofthings/jackit/wiki That maybe more difficult if only mouse movements are possible.

How does that "only pairs with a Spatha" work? Is it using secure methods to achieve that? If doing that securely, adding AES through a firmware update should be a walk in the park for someone who knows what he's doing. It is very easy and the recommended way if not using Blutooth.

Is the Spatha using a different USB receiver than the other wireless keyboards and mice? Asus has some mouse and keyboard combos W2000 and W3000 that most likely share a USB receiver.

The reason that Logitech has seen few complains about this problem since 2007 is that the research for MouseJack was released in early 2016 and is still in a state that it is not very usable for the average script kiddie. It requires customization in most cases to get it working.

JustinThyme
04-24-2017, 03:25 PM
Try using your mouse at 100 meters. I've not but my bet is its not going to work. Keep in mind that mousejack.com is a marketing website trying to sell consulting services. Now search reported cases of mouse jacking. Page after page of nothing but Bastille proclaiming it and everyone else saying that while its possible the likelihood is virtually nil and zero reported cases of it happening. It all actuality it loses credibility when a supposed security company reveals such a risk publicly and globally, they may as well go ahead and publish the needed tools and directions to go with it.

The only 100% safe platform resides in an EMF shielded building with no connections to the outside world.

I'm not privy to the exact connection protocol but yes the actual charging base is also the receiver and works with nothing else but the spatha.
I do know that it pairs with a handshake and requires you to physically initiate pairing on both the receiver and the mouse (pressing pair on both) and the mouse has a 10 digit alpha numeric electronic ID. It works on the same principal as mac filtering and pressing the connect button on a wireless router.