Posted by alphaatlas 12:12 PM (CDT)
Monday March 18, 2019
According to a recent post on David Sopas' security blog, the very popular, and very cheap, Logitech M185 is vulnerable to a keystroke injection attack. Using a recent version of the "Bettercap" hacking toolkit and a 2.4ghz USB dongle, the security researcher used the mouse to open a script which, in this particular case, simply opened a calculator instance on Windows. While it wasn't on the "affected mouse" list, the M185 is apparently part of a wide variety of mice that are affected by similar exploits. Thanks to cageymaru for the tip, and check out the demonstration below:
Just a simple PoC where I took an Logitech M185 wireless mouse and hijacked it to launch my DuckyScript on the victims machine - in this case just popping up the Windows calculator.