Yes, you read it right. Your mouse can allow attackers to gain unsurpassed access to compromised systems.
Where does the mouse come in here?
- Kensington sells mice with extra buttons. Its KensingtonWorks software lets users map these extra buttons to shortcut commands.
- These mice are presumed to be used by high-value targets, with the vulnerabilities being used in targeted attacks.
- Moreover, KensingtonWorks is built on Electron, which means the app may be vulnerable to cross-site scripting attacks.
What does this imply?
In April, a unique attack vector was discovered that allowed a threat actor to manipulate a PPT file to start downloading malware, just by hovering the cursor over a hypertext link.
The bottom line
It is undeniable that attackers, with every passing day, are coming up with new, ingenious ways to hack targets. Users of Kensington mice and KensingtonWorks are advised to be on the lookout for the patch to stay safe. Until then, stay safe and follow internet safety protocols.