JustinThyme wrote:
I dont believe its encrypted.
its 2.4 Ghz and wont pair with anything but a Spatha mouse.
While anything is possible Id doubt you have anything to worry about on that avenue no matte what you are using. Thing is an attack would have to be in a proximity and submitting mouse clicks blindly to what, empty space? It wont run a key board so they cant send keystrokes. The most vulnerable are Logitech unifying receivers that also host keyboards and even then statistics just arent there. Logitech says that in the history of the unifying receivers in 2007 they have zero reports of any such activity. The biggest challenge to such an attack is the fact they are flying blind. Simply launching keystrokes isn't enough.
I guess you know that MouseJack is specifically targetting 2.4GHz mice.
According to mousejack.com it works up to 100 meters, dunno if this is still close proximity, especially if population is dense like in a city. Logitech is aware of the problem and has issued patches for most mice afaik. Microsoft too. As long as the keyboard works anything is possible, such as changing passwords or even installing a trojan. There is even some working shell code integrated into metasploit launching a powershell script allowing to connect through HTTP:
https://github.com/insecurityofthings/jackit/wiki That maybe more difficult if only mouse movements are possible.
How does that "only pairs with a Spatha" work? Is it using secure methods to achieve that? If doing that securely, adding AES through a firmware update should be a walk in the park for someone who knows what he's doing. It is very easy and the recommended way if not using Blutooth.
Is the Spatha using a different USB receiver than the other wireless keyboards and mice? Asus has some mouse and keyboard combos W2000 and W3000 that most likely share a USB receiver.
The reason that Logitech has seen few complains about this problem since 2007 is that the research for MouseJack was released in early 2016 and is still in a state that it is not very usable for the average script kiddie. It requires customization in most cases to get it working.