I am using this week’s column as an opportunity to announce three “laws” that are so obvious to me I’m surprised nobody has announced them before. If they have been announced before, I can’t find them. Therefore, here I go. Behold, the worldwide introduction of Dave’s Three Immutable Laws of Hacking.
Dave’s Immutable Law of Hacking Number One: All technology bugs, vulnerabilities and glitches will be found.
Dave’s Immutable Law of Hacking Number Two: If it can be hacked, it will be hacked.
Dave’s Immutable Law of Hacking Number Three: Some hacks are indefensible, leading to the abandonment of the hacked technology.
All three laws are in light of the definition of hacking as “causing a technology, by way of modification or manipulation, to behave in a way for which it was not originally designed.”
I decided to put together Dave’s Three Immutable Laws of Hacking because, even though they have not heretofore been formalized, people ask me about them all the time. The three laws answer the three questions I am asked almost every day: Why did that mysterious computer problem happen (Law #1)? How did it happen (Law #2)? What do I do now (Law #3)?
While there are thousands of examples that could be used to demonstrate how these laws work, I will use only one: 2016’s industry-wide revelation that a huge number of wireless mouse and keyboard systems can be hacked to allow bad guys remote control of your computer from up to 100 yards away.
Dubbed “MouseJacking,” the hack works by taking advantage of software flaws that exist in wireless mouse and keyboard combos from Dell, HP, Lenovo, Logitech, Microsoft and others. These manufacturers, in order to prevent eavesdropping on what’s being typed, encrypt the wireless data exchanged between the keyboard and the “dongle,” the small transmitter/receiver that’s plugged into the computer.
However, in a stunning oversight that still boggles my mind, none of the manufacturers encrypt the wireless signals that flow between the mouse and the computer; only the keyboard signals are protected. The mouse signals have no protection at all. That’s Dave’s Immutable Law of Hacking Number One in action. The technology vulnerability was found.
Next in the MouseJack saga, some smarty-pants hackers figured out that, with some cleverly crafted computer code and a $15 wireless dongle purchased from Amazon, they could trick someone’s computer into receiving keyboard commands masquerading as mouse commands, thereby gaining complete control of their victim’s computer from up to 100 yards away. That’s Dave’s Immutable Law of Hacking Number Two in action: it could be hacked, therefore it was hacked. Go to Google and search for “mousejack CBS News” for a very enlightening video CBS did on the story.
The last part of the MouseJack story is possibly the most costly. While Logitech has released some software patches to correct the problem on a few of their wireless mouse/keyboard combos, the rest of the products from them and other manufacturers may never be fixed. Where does this leave us? Throwing our wireless keyboards and mice in the trash, and then stuck with landfills overflowing with unsafe, useless computer junk. Time will tell the full impact of the situation, but this illustrates Dave’s Immutable Law of Hacking Number Three: some hacks are indefensible, leading to the abandonment of the hacked technology.
To find out where your wireless mouse and keyboard stand in this mess, look at the list of affected devices at www.mousejack.com.