Results 1 to 4 of 4
  1. #1
    ROG Member Array
    Join Date
    Jun 2014
    Reputation
    10
    Posts
    9

    Question Asus Spatha / MouseJack / Encryption

    Hi!

    Does anyone know if the Asus Spatha is affected by the MouseJack hack if used in wireless mode? I know it can be used in wired mode too, but I am interested in a mouse that securely works wireless. Does anyone here know if it is using AES for encryption as recommended? Maybe someone from Asus? The specs don't mention anything about encryption. I like the idea of having replaceable buttons. Had a RAT7 and they had to send 2 additional ones of them because the 5Million click Omrons failed during warranty multiple times. I could even correctly predict when the last one failed up to the month.

    Andy
    Last edited by andy_9_9_9_9; 04-24-2017 at 03:13 AM.

  2. #2
    Banned Array JustinThyme PC Specs
    JustinThyme PC Specs
    Laptop (Model)G752VY-DH72
    MotherboardRampage VI Extreme
    ProcessorI9 9940X
    Memory (part number)64GB DDR4 8x8 Corsair Dominator Platinum 3800 MHz @ C17
    Graphics Card #1ASUS Strix 2080Ti O11G @ 2.1GHz
    Graphics Card #2ASUS Strix 2080Ti O11G @ 2.1Ghz
    Graphics Card #3ROG Nvlink
    Graphics Card #4Have to feed animals
    Sound CardExternal Audioengine D1 24 bit 192kbps DAC
    MonitorASUS PG348Q @ 100Hz
    Storage #1Intel 905P 480GB U2 flavor
    Storage #2Samsung 850 EVO 1TB X2 in RAID 0, 960 PRO 1TB DIMM.2_1
    CPU CoolerHeatKiller IV PRO and VRM blocks ,Dual D5 PWM serial, 2X 480, 1X 360 RADS
    CasePhanteks Enthoo Elite 8X LL120 PWM, 3X LL140 PWM, 12 SP120 PWM 1x AF140 PWM
    Power SupplyCorsair AX 1500i
    Keyboard ASUS Claymore
    Mouse ASUS Spatha, Logitech MX Master
    Headset Sennheiser HD 700
    Mouse Pad ASUS ROG Sheath
    Headset/Speakers Audioengine A5+ with SVS SB-1000 Sub
    OS Win10 Pro 1809
    Network RouterNetGear NightHawk X10
    Accessory #1 NetGear Prosafe 10GBe Switch
    Accessory #2 Qnap TVS-682 NAS modded with I7 CPU

    Join Date
    Nov 2013
    Reputation
    144
    Posts
    3,859

    I dont believe its encrypted.
    its 2.4 Ghz and wont pair with anything but a Spatha mouse.
    While anything is possible Id doubt you have anything to worry about on that avenue no matte what you are using. Thing is an attack would have to be in a proximity and submitting mouse clicks blindly to what, empty space? It wont run a key board so they cant send keystrokes. The most vulnerable are Logitech unifying receivers that also host keyboards and even then statistics just arent there. Logitech says that in the history of the unifying receivers in 2007 they have zero reports of any such activity. The biggest challenge to such an attack is the fact they are flying blind. Simply launching keystrokes isn't enough.

  3. #3
    ROG Member Array
    Join Date
    Jun 2014
    Reputation
    10
    Posts
    9

    MouseJack

    Quote Originally Posted by JustinThyme View Post
    I dont believe its encrypted.
    its 2.4 Ghz and wont pair with anything but a Spatha mouse.
    While anything is possible Id doubt you have anything to worry about on that avenue no matte what you are using. Thing is an attack would have to be in a proximity and submitting mouse clicks blindly to what, empty space? It wont run a key board so they cant send keystrokes. The most vulnerable are Logitech unifying receivers that also host keyboards and even then statistics just arent there. Logitech says that in the history of the unifying receivers in 2007 they have zero reports of any such activity. The biggest challenge to such an attack is the fact they are flying blind. Simply launching keystrokes isn't enough.
    I guess you know that MouseJack is specifically targetting 2.4GHz mice.

    According to mousejack.com it works up to 100 meters, dunno if this is still close proximity, especially if population is dense like in a city. Logitech is aware of the problem and has issued patches for most mice afaik. Microsoft too. As long as the keyboard works anything is possible, such as changing passwords or even installing a trojan. There is even some working shell code integrated into metasploit launching a powershell script allowing to connect through HTTP: https://github.com/insecurityofthings/jackit/wiki That maybe more difficult if only mouse movements are possible.

    How does that "only pairs with a Spatha" work? Is it using secure methods to achieve that? If doing that securely, adding AES through a firmware update should be a walk in the park for someone who knows what he's doing. It is very easy and the recommended way if not using Blutooth.

    Is the Spatha using a different USB receiver than the other wireless keyboards and mice? Asus has some mouse and keyboard combos W2000 and W3000 that most likely share a USB receiver.

    The reason that Logitech has seen few complains about this problem since 2007 is that the research for MouseJack was released in early 2016 and is still in a state that it is not very usable for the average script kiddie. It requires customization in most cases to get it working.
    Last edited by andy_9_9_9_9; 04-24-2017 at 03:13 PM.

  4. #4
    Banned Array JustinThyme PC Specs
    JustinThyme PC Specs
    Laptop (Model)G752VY-DH72
    MotherboardRampage VI Extreme
    ProcessorI9 9940X
    Memory (part number)64GB DDR4 8x8 Corsair Dominator Platinum 3800 MHz @ C17
    Graphics Card #1ASUS Strix 2080Ti O11G @ 2.1GHz
    Graphics Card #2ASUS Strix 2080Ti O11G @ 2.1Ghz
    Graphics Card #3ROG Nvlink
    Graphics Card #4Have to feed animals
    Sound CardExternal Audioengine D1 24 bit 192kbps DAC
    MonitorASUS PG348Q @ 100Hz
    Storage #1Intel 905P 480GB U2 flavor
    Storage #2Samsung 850 EVO 1TB X2 in RAID 0, 960 PRO 1TB DIMM.2_1
    CPU CoolerHeatKiller IV PRO and VRM blocks ,Dual D5 PWM serial, 2X 480, 1X 360 RADS
    CasePhanteks Enthoo Elite 8X LL120 PWM, 3X LL140 PWM, 12 SP120 PWM 1x AF140 PWM
    Power SupplyCorsair AX 1500i
    Keyboard ASUS Claymore
    Mouse ASUS Spatha, Logitech MX Master
    Headset Sennheiser HD 700
    Mouse Pad ASUS ROG Sheath
    Headset/Speakers Audioengine A5+ with SVS SB-1000 Sub
    OS Win10 Pro 1809
    Network RouterNetGear NightHawk X10
    Accessory #1 NetGear Prosafe 10GBe Switch
    Accessory #2 Qnap TVS-682 NAS modded with I7 CPU

    Join Date
    Nov 2013
    Reputation
    144
    Posts
    3,859

    Try using your mouse at 100 meters. I've not but my bet is its not going to work. Keep in mind that mousejack.com is a marketing website trying to sell consulting services. Now search reported cases of mouse jacking. Page after page of nothing but Bastille proclaiming it and everyone else saying that while its possible the likelihood is virtually nil and zero reported cases of it happening. It all actuality it loses credibility when a supposed security company reveals such a risk publicly and globally, they may as well go ahead and publish the needed tools and directions to go with it.

    The only 100% safe platform resides in an EMF shielded building with no connections to the outside world.

    I'm not privy to the exact connection protocol but yes the actual charging base is also the receiver and works with nothing else but the spatha.
    I do know that it pairs with a handshake and requires you to physically initiate pairing on both the receiver and the mouse (pressing pair on both) and the mouse has a 10 digit alpha numeric electronic ID. It works on the same principal as mac filtering and pressing the connect button on a wireless router.

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •