Microsoft patched various vulnerabilities in its products last week including the ‘MouseJack' flaw, however it is still still affecting most organisations.
The vulnerability that hijacks wireless mice and keyboards was discovered in February by researchers at IoT security company Bastille. The 2016 MouseJack Security Vulnerability Survey Report revealed that more than 80 percent of organisations are vulnerable to the flaw. Over 900 responses were received from professionals around the world.
82 percent of respondents said their companies allowed their employees to use wireless mice. Over a fifth (21 percent) said they were not concerned that their wireless mouse could be hacked. Seventy nine percent of respondents said they would patch or replace their mouse if it contained the MouseJack vulnerability. Almost a third (29 percent) would replace their wireless mouse with a wired one.
The vulnerabilities can allow a hacker to type arbitrary commands into a victim's computer from up to 100 metres away using a £10 dongle. Wireless mice and keyboards from Microsoft, Dell, Logitech, HP, Lenovo and more were found vulnerable. Microsoft's patch resolves the issue for some of the company's wireless mice and some specific Windows releases such as Windows 7, 8.1 and 10. Devices from other vendors and machines running under other systems are still vulnerable.
“We continue to urge enterprises and individuals that utilise wireless mice to make sure their devices aren't one of the vulnerable models and, if they are, to take the proper steps to prevent them from becoming a MouseJack victim,” said Chris Risley, CEO of Bastille.