Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Endpoint

4/19/2016
03:00 PM
Dark Reading
Dark Reading
Products and Releases
50%
50%

Bastille Report Finds More Than 80 Percent of Businesses are Potentially Vulnerable to Being MouseJacked

Results Suggest That Despite Increased Awareness and Concern, Some Companies and Individuals Continue to Ignore Risks of the MouseJack Threat

ATLANTA, GA – April 19, 2016 – Bastille, the first cybersecurity company to detect and mitigate threats from the Internet of Things (IoT), today released the 2016 MouseJack Security Vulnerability Survey Report looking at the effects the company’s MouseJack discovery is having on businesses and individuals. MouseJack is a security vulnerabilityfound in wireless mice and keyboard dongles that puts billions of PC’s and millions of networks at risk of being breached. Among the most alarming statistics to arise from the poll is that more than 80 percent of respondents say their companies still allow wireless mice to be used in the workplace. Further, despite a large percentage of individuals concerned about MouseJack, statistics show many remain unconcerned about potentially being hacked and will continue to use their respective vulnerable devices.

The 2016 MouseJack Security Vulnerability Survey Report includes input from more than 900 global professionals, with the results showing that despite increased awareness of the MouseJack vulnerability, not all are heeding the warning:

?         82% of respondents said their companies allowed wireless mice to be used.

?         21% of respondents said they were not concerned that their wireless mouse could be hacked.

?         16% of respondents said they’d continue to use their mouse even if it had the MouseJack vulnerability.

“This report shows that some individuals and companies are playing roulette by ignoring the MouseJack threat,” said Marc Newlin, Bastille’s engineer responsible for the MouseJack discovery. “MouseJack continues to present a clear and present danger to enterprises, as it takes just one compromised mouse to allow a hacker to infiltrate a network and gain access to sensitive corporate and/or customer data.”

Bastille’s industry report on the MouseJack security vulnerability did, however, yield some positive results. According to the data, a large majority of respondents have changed or are willing to make changes to protect themselves from the MouseJack threat. Among the findings:

?         75% of respondents were either very (41%) or somewhat (34%) concerned that their mouse could be hacked

?         79% of respondents said they would patch or replace their mouse if it contained the MouseJack vulnerability:

o   34% would use it if a patch or fix was available

o   29% would replace it with a wired mouse

o   16% would buy a new and safe wireless mouse

“Our mission at Bastille is to protect enterprises from these types of IoT-related airbornethreats, and we are proud that our MouseJack discovery is resulting in people taking control of their IoT security and giving hackers one less infiltration point,” said Chris Risley, CEO, Bastille. “We continue to urge enterprises and individuals that utilize wireless mice to make sure their devices aren’t one of the vulnerable models and, if they are, to take the proper steps to prevent them from becoming a MouseJack victim.”

To download a copy of the 2016 MouseJack Security Vulnerability Survey Report, and for more information on the MouseJack vulnerability – including a list of affected MouseJack devices, visit www.mousejack.com.

For more information on Bastille, visit www.bastille.net and follow them on Twitter @bastillenet and LinkedIn.


About Bastille 

Launched in 2014, Bastille is pioneering Internet of Things (IoT) security with next-generation security sensors and airborne emission detection, allowing corporations to accurately quantify risk and mitigate 21st century airborne threats. Through its patent-pending, proprietary technology, Bastille helps enterprise organizations protect cyber and humanassets while providing unprecedented visibility of wireless IoT devices that could pose a threat to network infrastructure. For more information, visit www.bastille.net and follow @bastillenet on Twitter and LinkedIn.

 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Commentary
Cyberattacks Are Tailored to Employees ... Why Isn't Security Training?
Tim Sadler, CEO and co-founder of Tessian,  6/17/2021
Edge-DRsplash-10-edge-articles
7 Powerful Cybersecurity Skills the Energy Sector Needs Most
Pam Baker, Contributing Writer,  6/22/2021
News
Microsoft Disrupts Large-Scale BEC Campaign Across Web Services
Kelly Sheridan, Staff Editor, Dark Reading,  6/15/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The State of Cybersecurity Incident Response
In this report learn how enterprises are building their incident response teams and processes, how they research potential compromises, how they respond to new breaches, and what tools and processes they use to remediate problems and improve their cyber defenses for the future.
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-34390
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel function where a lack of checks allows the exploitation of an integer overflow on the size parameter of the tz_map_shared_mem function.
CVE-2021-34391
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel�s tz_handle_trusted_app_smc function where a lack of integer overflow checks on the req_off and param_ofs variables leads to memory corruption of critical kernel structures.
CVE-2021-34392
PUBLISHED: 2021-06-22
Trusty TLK contains a vulnerability in the NVIDIA TLK kernel where an integer overflow in the tz_map_shared_mem function can bypass boundary checks, which might lead to denial of service.
CVE-2021-34393
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in TSEC TA which deserializes the incoming messages even though the TSEC TA does not expose any command. This vulnerability might allow an attacker to exploit the deserializer to impact code execution, causing information disclosure.
CVE-2021-34394
PUBLISHED: 2021-06-22
Trusty contains a vulnerability in all TAs whose deserializer does not reject messages with multiple occurrences of the same parameter. The deserialization of untrusted data might allow an attacker to exploit the deserializer to impact code execution.