How to Inject Keystrokes into Logitech Keyboards with an nRF24LU1+ Transceiver

How to Inject Keystrokes into Logitech Keyboards with an nRF24LU1+ Transceiver

MouseJack vulnerabilities were disclosed over three years ago. Some wireless keyboard manufacturers have since issued firmware updates, but millions (if not billions) of keyboards remain unpatched worldwide, either because they can't be updated or because the manufacturer never bothered to issue one.


According to Bastille, "MouseJack is a class of vulnerabilities that affects the vast majority of wireless, non-Bluetooth keyboards and mice." Led by Marc Newlin, MouseJack takes advantage of a USB dongle's (shown below) willingness to accept unencrypted keystrokes from surrounding devices.






Image by tokyoneon/Null Byte

However, the concept of keystroke sniffing and injection was first made public by Thorsten Schroeder and Max Moser in 2010. Later, Travis Goodspeed published "Promiscuity is the nRF24L01+'s Duty," which expanded on the duo's work. In 2015, Samy Kamkar debuted KeySweeper, an Arduino-based USB wall charger designed to passively sniff and log keystrokes made by Microsoft keyboards.


Marc discovered that wireless mice and keyboards manufactured by AmazonBasics, Dell, Gigabyte, HP, Lenovo, Logitech, and Microsoft were all affected by many of the MouseJack vulnerabilities. An attacker with ..