Tag: Mousejacking

  • What to Expect with a Raxis Wireless Penetration Test

    Although social engineering attacks – including phishing, vishing, and smishing – are the most popular and reliable ways to gain unauthorized access to a network, some hackers simply don’t have the social or communications skills necessary to perform those attacks effectively. Wireless attacks, by contrast, are typically low-risk, high-reward opportunities that don’t often require direct interaction with the target.

    That’s one reason why pentesting for wireless networks is one of Raxis’ most sought-after services. We have the expertise and tools to attack you in the same ways a real hacker will. In fact, I’ve successfully breached corporate networks from their parking lots, using inexpensive equipment, relatively simple techniques, and by attacking devices you might never suspect.

    To appreciate how we test wireless networks, remember that wireless simply means sending radio signals from one device to another. The problem with that is that no matter how small the gap between them, there’s always room for a hacker to set up shop unless the network is properly secured.

    So, if Raxis comes onsite to test your wireless network, the first thing we will likely do is map your network. This is a mostly passive activity in which we see how far away from your building the wireless signal travels normally. But we also have inexpensive directional antennas that allow us to access it from further away if we need to be stealthier.

    Using an easily accessible aircrack-ng toolkit, we can monitor and capture traffic from wireless devices as well as send our own instructions to others that are unprotected. (I’ll go into more detail about that in a moment.)

    As we establish the wireless network’s boundaries, we also determine whether there are guest networks or even open networks in use. Open networks, as the name implies, require no special permission to access. Even on controlled guest networks, we can usually get in with little effort if weak passwords are used or the same ones reused. Once we’re in as a guest, we’ll pivot to see if we can gain unauthorized access to other areas or other users’ data.

    While this is going on, we will often set up a rogue access point, essentially just an unauthorized router that passes traffic to the internet. If the network is configured properly, it should detect this access point and prevent network traffic from accessing it. If not, however, we can capture the credentials of users who log into our device using a man-in-the-middle attack.

    Scottie with a directional wireless antenna

    Our primary goal here is to capture usernames and password hashes, the characters that represent the password after it has been encrypted. In rare cases, we’re able to simply “pass the hash” and gain access by sending the encrypted data to the network server.

    Most networks are configured to prevent this technique and force us to use a tool to try to crack the encryption. Such tools – again, readily available and inexpensive – can guess more than 300 billion combinations per second. So, if you’re using a short, simple password, we’ll have it in a heartbeat. Use one that’s more complex and it may take longer or we might never crack it.

    If a network isn’t properly secured, however, we might be able to find a way in that doesn’t require a password. Many people who use wireless mice and keyboards, for example, don’t realize that we can sometimes intercept those signals as well. For non-Bluetooth devices, we can use our aircrack-ng tools to execute commands from a user’s (already logged-in) device.

    As a proof of concept, we sometimes change screensavers or backgrounds so that network admins can see which devices are vulnerable. However, we can also press the attack and see if we’re able to pivot and gain additional access.

    The good news for business owners is that there are simple methods to protect against all these attacks:

    • Never create an open network. The convenience does not justify the security risk.
    • If you have a guest network, make sure that it is not connected to the corporate network and that users are unable to access data from any others who may also be using it.
    • Use the latest wireless security protocol (WPA3) if possible.
    • If you’re using WPA2 Enterprise, make sure the network is requiring TLS and certificates.
    • If you’re using WPA3 Personal, make sure your password is at least 30 characters long. (That’s not a typo – 30 characters is still out of reach for most hash-cracking software.)

    Here’s the most important piece of advice: Test your network regularly. New exploits are found every day, and hackers’ tools get better, faster, and cheaper every day. The only way to stay ahead of them is with professionals like us who live in their world every day.

    And, trust me, you’d much rather have Raxis find your vulnerabilities than the bad guys.

  • How to Pull Off a Mousejacking Attack

    What’s an easy, effective and potentially devastating cyberattack . . . that’s also named for a rodent?

    If you guessed mousejacking, you are a star student today. 

    A mousejacking attack occurs when an attacker scans for the wireless transmissions sent from your wireless mouse to the USB dongle plugged into your computer. These transmissions from a mouse contain data that describes the mouse’s actions. When an attacker is able to scan and find these transmissions, they may also be able to quickly intercept and, with a few quick keystrokes and clicks, impersonate the mouse and begin sending their own malicious commands through the wireless dongle and into the computer. 

    Users may see a brief pop-up screen with code, but things returns to normal quickly, and many times they don’t think it’s significant enough to notify their security team.

    To add a little insult to injury, an attacker doesn’t even have to be in the building or in close proximity to the workstation to pull this off. They can be in your parking lot or maybe that park across the street.

    Now, there are a lot more technical things that go into it, so take a look at the video above to learn the details.

    So how do you prevent a mousejacking attack? Since this attack only can occur on workstations that are open and running, remember (and remind your colleagues) to always lock your station if you are walking away or not actively working on it. Also, let your colleagues in IT security know about anything suspicious you see. Trust me, they want to know.

    Remember it only takes a few minutes for attackers to get into your network and start causing trouble. 

    Please share this blog and video with your team so they know what to look for and how quickly it can happen, and encourage them to report it immediately. 

    With years of penetration testing and general mischief making behind us, we at Raxis have learned that there is always a way in. And we can find it. Our team of experts are ready to help you and your organization find its weaknesses and help you strengthen your security. Talk with our team today.