1

I have recently bought one of the recent "best" USB gaming mouses out there. The thing that is bothering that the marketing material says it contains a self-programmable computer embedded in the mouse, which is able to save the lightning, sensitivity and other settings.

On my Windows machine the mouse gets accepted as a HID-conform mouse and two times as a keyboard. On my Linux machine it gets accepted as a Tablet(!) and a mouse.

  • Can this somehow get exploited?

  • Has there been a recent BadUSB variant for gaming mouses or something similar?

  • Is this a real upcoming issue, since the gaming industry is currently booming and it seems it's not going to stop booming in the near future?

  • Since most of such USB gaming mouse are attached to the USB port at boot, is there a danger of messing with the boot?

  • How do you minimize the danger of possible USB sniffing in this context?

Sir Muffington
  • 1,447
  • 2
  • 9
  • 22
  • Does this answer your question? [Is all the alarmism around BadUSB really called for with respect to host devices?](https://security.stackexchange.com/questions/176207/is-all-the-alarmism-around-badusb-really-called-for-with-respect-to-host-devices) – CriticalSYS Nov 01 '20 at 16:31
  • It does partly answer some of the concerns, but are some points that the related question does not answer. I also added two more questions. – Sir Muffington Nov 01 '20 at 18:45
  • Let's take a step back. These devices have a processor and large storage capacity and changeable functions. They are little computers. The fact that they are mice is secondary. Your question, then, could easily be "what risks are there to connecting a computer that I do not control to another computer?" This is not an "upcoming" issue. Programable USBs have been a concern for years. – schroeder Nov 01 '20 at 19:47
  • We've been fielding these types of questions for years. Search for "malicious USB" https://www.google.com/search?q=malicious+usb+site%3Asecurity.stackexchange.com – schroeder Nov 01 '20 at 19:49
  • @schroeder I see there are lots of answers there now. Especially this one helped me out a lot https://security.stackexchange.com/a/229900 What about USB passive sniffing and boot manipulation? – Sir Muffington Nov 01 '20 at 23:24
  • From all the other answers, the conclusion is that it would be possible to store the key combination to open the BIOS and make changes. Aside from that, you would be able to do whatever you could do with a keyboard or mouse. This is not a threat unique to the USB device. "Sniffing" would require some kind of vulnerability on the motherboard. – schroeder Nov 02 '20 at 11:46
  • Thank you. You answered my questions – Sir Muffington Nov 02 '20 at 13:45

0 Answers0