MouseJack Affected Devices

The following devices have been tested and are vulnerable to a MouseJack keystroke injection attack (specifically vulnerabilities that pertain to Bastille Threat Research Team Tracking Number #1-7, 9 & 12). To help determine whether you have an affected device connected to your system, please compare the following screenshots against your computer. Hardware information screens are provided for Windows, OS X and Linux for each USB dongle:


VendorAffected DevicesAdvisoryVendor ResponseUSB ID Screenshots
AmazonBasics Wireless Mouse MG-0975
USB dongle RG-0976 (USB ID 04f2:0976))
#7 HID Packet Injection
Dell Dell KM714 Wireless Keyboard and Mouse Combo
KM714 USB dongle (USB ID 046d:c52b)
KM632 Wireless Mouse
USB dongle (USB ID 413c:2501)
#1 Force Pairing
#2 Keystroke Injection
#3 Fake Mouse
#7 HID Packet Injection
#11 Unencrypted Keystroke Injection Fix Bypass
Statement
Gigabyte

K7600 wireless keyboard

USB dongle (USB ID 04b4:0060)

#6 Packet Injection

HP

Wireless Elite v2 keyboard

Elite USB dongle (USB ID 03f0:d407)

#5 HID Packet Injection

Lenovo

500 Wireless Mouse (MS-436)

500 USB Dongle (USB ID 17ef:6071)

#9 HID Packet Injection

LEN-4292
Logitech

K360

K400r

K750

K830

Unifying dongle (USB ID 046d:c52b)

Tested firmware versions:

  • 012.001.00019
  • 012.003.00025

#1 Force Pairing

#2 Keystroke Injection

#3 Fake Mouse

Firmware Update

(With above update, #1, #2 & #3 are solved.)

Logitech (update)

K400r

Logitech Unifying Dongles C-U0007 (FW ver 012.005.00028) &
C-U0008 (FW ver 024.003.00027) (both USB ID 046d:c52b)

Logitech G900

Logitech G900 dongle C-U0008 (USB ID 046d:c539)

#11 Unencrypted Keystroke Injection Fix Bypass

#12 Unencrypted Keystroke Injection

#16 Malicious Macro Programming

Please note: these products also affected by KeyJack.

Firmware Update

(With above update, #11 & #12 are solved.)

Microsoft

Sculpt Ergonomic mouse

Wireless Mobile Mouse 4000

Microsoft Wireless Mouse 5000

2.4GHz Transceiver v7.0 (USB ID 045e:0745)

USB dongle model 1496 (USB ID 045e:07b2)

USB dongle model 1461 (USB ID 045e:07a5)

#4 HID Packet Injection

3152550

Note: Mice part of a combo set are still vulnerable.



Note: links were updated in 2016 at time of discovery—vendors may change links without alerting us


Also covered in our advisories is a Denial-Of-Service vulnerability (Bastille Threat Research Team Tracking Number #8), which affects the following hardware:

Vendor Affected Devices Advisory
(with Tracking #)
Lenovo

N700 Mouse

N700 USB dongle (USB ID 17ef:6060)

Ultraslim Keyboard

Ultraslim Mouse

Ultraslim USB dongle (USB ID 17ef:6032)

Ultraslim Plus Keyboard

Ultraslim Plus Mouse

Ultraslim Plus USB dongle (USB ID 17ef:6022)

#8 Denial-Of-Service

Although the Bastille Threat Research Team endeavored to test a wide variety of models of wireless keyboard and mice from multiple vendors, it is not possible to acquire and test every model available on the market. There may be other models and vendors that are affected by this class of vulnerability, so the list should not be considered definitive.


Advisories
The plain-text advisories can be found above, and at CERT/CC VU#981271
 

Remediation

  1. Immediately disconnect all affected USB dongles, and use wired keyboards and mice instead.

  2. If you are using affected Logitech or 'Lenovo 500' devices, please update your firmware by referring to the appropriate instructions (see appropriate Vendor Response links above).

Dongles from other vendors were not found to support upgrading of firmware, so it does not appear possible to patch them. Therefore it is recommended that users contact their preferred vendor and inquire into which models are not vulnerable for future purchases.


Tools
The Bastille Threat Research Team is releasing free, open source tools to enable interested parties to discover wireless mice and keyboards that may be vulnerable to MouseJack.


Please refer to: https://github.com/BastilleResearch/mousejack