Is your mouse a RAT? The rise of remote access tools.

“Wireless mice and keyboards are the most common accessories for PCs today, and we have found a way to take over billions of them.”

This scary announcement by Marc Newlin, the engineer at Bastille responsible for discovering what the company is calling ‘mousejack’, came last February.

According to Bastille, a cyber security company with a mission to detect and mitigate threats from the Internet of Things, fifteen dollars and a few lines of code are all you need to hack a wireless mouse or keyboard.

Once into a system through the mouse, a hacker can remotely take over a computer, insert malware, and potentially infiltrate a network. And it only takes seconds to hack your computer through your mouse.

Is your mouse a rat? Here is a list of some, but not all, of the affected mice. Most non-Bluetooth wireless dongles are vulnerable. Contact the manufacturer to find out if there is a patch for the security flaw; if not, replace your mouse.

Everyone has heard of the Yahoo hack that affected 500 million users. Of course, these hacks didn’t come through a mouse. Where do they come from?

Printers are one way into a system. Did your printer start printing offensive flyers last spring? Andrew Auernheimer says he did it to, among other things, illustrate the dangers of unsecured connections to the IoT.

In July, Microsoft issued a patch for a flaw in the printer spooler in every version of Windows. The flaw could allow an attacker to install malware remotely on a machine to view, modify or delete data, or create new accounts with full user rights.

Cameras are another way into a system. In July, the Register reported that 414,949 D-Link cameras and IoT devices could be hijacked over the Net, allowing remote attackers to completely hijack the administrator account of the devices to install backdoors and intercept traffic.

Tech Worm, Naija, and IFSAC Global all posted the same video on how to hack a CCTV camera. James Lyne, who is global head of security research at the security firm Sophos, made the video.

Building Automation Systems (BAS) are also vulnerable to IoT hacks. BAS can control heating, lighting, and physical access.

On Friday, October 21st, CNBC reported that many websites, including Amazon, Twitter, and Spotify, were shut down for more than half the day by a DDoS attack. Hackers used public source code to assemble a botnet army of Internet-enabled devices and then directed those devices to send massive waves of junk requests to a DNS provider. The compromised devices, which make up the IoT botnet army, are still unpatched, which means other attacks are likely on the way. There are a variety of devices involved, including cameras, printers, and routers.

ZDNet is reporting that up to 3.2 million debit cards in India might be compromised due to malware.

The US National Republican Senatorial Committee was one of about 5,900 e-commerce platforms that have recently been compromised by malicious skimming software; the NRSC site was infected from March 16 to October 5 by malware that sent donors’ credit card data to attacker-controlled domains.

Many security breaches come from malware like Mirai and from Enfal, which is embedded in emails. Enfal has been around since 2004, but because it is always evolving, it is still a danger.

There is another kind of RAT out there. In December 2015, foreign spies made off with an “unknown quantity of documents” after infecting Australia’s meteorology bureau with a RAT, a Remote Access Tool. The RAT had also compromised other Australian government networks. The 2016 threat report states there are at least six further hosts on the Bureau’s network that the attacker attempted to access, including domain controllers and file servers.

There is hope that there won’t always be rats in your system. In September, Angus Taylor, assistant minister for cities and digital transformation, announced the launch of Hypercat Australia. It will adopt the British-designed Hypercat Standard. It features security extensions, and it allows IoT devices connected to networks to be discoverable and standardised.

Members of Hypercat Australia include KPMG, Giant Ideas, and the Knowledge Network. It is a nonprofit independent organisation, and the Knowledge Economy Institute will run the platform. The IoT Alliance Australia (IoTAA) fully supports Hypercat Australia.

WISeKey just announced a new platform that will only enable IoT devices which can provide a recognised identity and a valid integrity report to communicate within a system.

While these platforms might not be the Pied Piper to lead the rats out of your system, they are certainly a step in the right direction.

