7MS #355: Mousejacking!
7 Minute Security - A podcast by Brian Johnson - Fridays
This episode is brought to you by Netwrix Auditor, which empowers IT pros to detect, investigate and resolve critical issues before they stifle business activity, and proactively identify and mitigate misconfigurations in critical IT systems that could lead to downtime.

In this episode, we talk about the Mousejacking attack, which allows someone with a crazy radio (or other similar device) to inject keystrokes into vulnerable keyboards and mice. Yikes! Not trying to be a doom and gloom guy here, but using this Mousejacking attack, pentesters/attackers could take over your entire Active Directory in just seconds - from the parking lot! I'll talk about how exactly that could be done - as well as ways to defend against mousejacking - in today's episode.

If this episode primes your appetite for more Mousejackin' fun, join me and my pals Paul and Dan for a deep-dive Mousejacking Webinar on Tuesday, April 2 at 12 p.m. CST!

Some resources talked about in today's episode:

Mousejack.com - great demo video of the attack
Crazy Radio PA - one hardware option to perform mousejacking attacks
Custom mousejacking firmware for Crazy Radio PA
Jackit - tool for conducting mousejack attacks
A cool Twitter thread on using mousejacking for pentests
Vulnerable devices - nice repository of devices known to be susceptible to mousejacking attacks