Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Security

kasperd's Journal: Secure wireless mice 13

Journal by kasperd

Most of you probably already know how annoying the wire on the mouse sometimes may be. That is why the wireless mouse was invented, and now I'm looking for one. But as with any other wireless equipment, security is an important issue. Sometimes these devices work over longer ranges than expected.

The possibility to sniff the input is not my only concern. Authenticity is also important, I don't want anybody within a range of 100m to be able to control my computer. So any product that doesn't do both encryption and MAC (message authentication codes), is out of the question.

It wouldn't be difficult to produce a secure product. Good ciphers and MACs exists, and key exchange can safely be done while the mouse is placed in the recharger. But finding a product that actually does this proves to be difficult.

I searched for wireless mice satisfying most of my needs (that is optical wireless mice with at least three mouse buttons). And I picked five well known manufacturers from the list. None of the informations I could find online answered my questions. So I decided to contact the companies and ask. The result were depressing.

  • The first company had a wide range of wireless mice, but only one product with encryption. And even this product wasn't trustworthy, as it was based on proprietary algorithms. Security through obscurity is generally considered a sign of weakness, and is advised against in more than one place.
  • The second company did not know what encryption and MAC is, and did not consider it to be necessary.
  • The third company never replied to my email.
  • The fourth company replied to my email, but did not try to answer my questions. Instead I was referred me to a reseller. The reseller had never heard about the product.
  • The fifth company did not provide any contact informations on their webpage.

So I am starting to worry, that maybe secure wireless mice simply does not exist. Where should I look for a secure wireless mouse? And if I find a manufacturer, that can provide a good description of a secure product, how should I verify that the implementation actually match the description?

Of course my considerations about wireless mice also applies to keyboards. The keyboard may in fact be even more sensitive than a mouse, and since I don't move my keyboard as much as I move my mouse, I have decided to stick with wired keyboards.

This discussion has been archived. No new comments can be posted.

Secure wireless mice

Comments Filter:
  • Bluetooth mice often use encryption.

    Apple's BT mice use AES-128
    • Bluetooth mice often use encryption.

      Maybe that is true. The one mouse the first company could offer with encryption was in fact a bluetooth mouse. But since it is security through obscurity, I still cannot trust it. It is not enough for me that they say there is encryption, I want a trustworthy product.

      Apple's BT mice use AES-128

      I did not look much on the Apple products, because I couldn't find any Apple mouse that satisfied the rest of my requirements. One of the requirements I mentioned was at lea
      • Besides that, choosing a cipher is the least part of making a secure product. I would trust AES-128, but without further information I would not trust that they use it correctly.

        This isn't Apple's only implementation of AES-128. MacOS X has a feature that will encrypt a uses home folder in AES-128 on the fly, and they stand by it as being both secure and reliable.

        But of course as you said, an Apple mouse isn't going to serve. This Bluetooth mouse [radtech.us] has 2 buttons and a scroll wheel, though I'm not sure of i
        • This isn't Apple's only implementation of AES-128.

          It is still not the implementation of AES-128 I'm worried about. That part they can easilly test against reference implementations. It is the way it is used.

          MacOS X has a feature that will encrypt a uses home folder in AES-128 on the fly, and they stand by it as being both secure and reliable.

          Is this on the block layer or on the filesystem layer? I have been looking a lot into what have been done on the block layer. But most of it sounds like an inse
  • If you can find a mouse with relatively common hardware, updating the firmware to do what you want *might* not be that bad. Of course, that all depends on the complexityof the firmware. And writing USB firmware can really suck if the hardware doesn't take care of what it should.
    • If you can find a mouse with relatively common hardware, updating the firmware to do what you want *might* not be that bad.

      Updating the firmware is not an option if the hardware cannot do what I need. I mean the best solution I can think of requires the mouse to communicate with the receiver through the connectors in the recharger. If the hardware cannot do that, there is no way a modified firmware can help. Besides where do I find a mouse where I can actually update the firmware in the mouse?
  • I'm gonna go with what the first guy said. What is somone gonna do with how you move your mouse and click? A keyboard might be diferent, but a mouse? If your that paranoid then go back to a wired mouse.
    • What is somone gonna do with how you move your mouse and click?

      So did you not read what I wrote? Or did you just not understand it?

      Authenticity is also important, I don't want anybody within a range of 100m to be able to control my computer.

      But of course secrecy is actually important as well. Many random number generators use mouse input as their primary or only source of randomness. If you can sniff the mouse you can predict randomness that was supposed to protect your network communication. You can

      • i misunderstood the first point. i use a wireless mouse my self. i have never seen the frequences hijacked by anyone. if somone does gain control over your computer, they will have to see the screen to do anything. if they are that close they might as well be using your own mouse. yes it would be nice to have some security like that, but i dont see it being a big enough demand now.
        • if somone does gain control over your computer, they will have to see the screen to do anything.

          It is easier if you can see the screen, but I still believe a lot of damage can be done if you have a carefully prepared sequence of movements. It is easy to move the cursor to a corner of a screen. So if you know the coordinates of some icon relative to any of the corners of the screen, you can use it. If you can somehow manage to open a window with some predicatble text in it, you can also use cut'n'paste to
  • OK You seem to be looking for something that isn't there because your insisting on a PS/2 Interface. Thats a legacy interface designed for wired devices why would a company have any desire to implement security over a wired interface?

    Bluetooth gives you security as it's built into the protocal at Layer 2 I beleive. The pairing process is when key exchange is done. As to security of the cypher it the same across BT as it's part of that standard. The only reasons any security is there is because it's bui
    • OK You seem to be looking for something that isn't there because your insisting on a PS/2 Interface.
      That is wrong. I never told any of those companies, that PS/2 was in fact a requirement. They still were not able to suggest any trustworthy wireless mouse.

      Thats a legacy interface designed for wired devices why would a company have any desire to implement security over a wired interface?
      This is nonsense. I'm not talking about security over PS/2. I'm talking about security over the wireless connection.

"Buy land. They've stopped making it." -- Mark Twain

Working...