BlueSniff: Eve meets Alice and Bluetooth
WOOT '07 Proceedings of the first USENIX workshop on Offensive Technologies
| Hi-index | 0.00 |
Raw mouse movement data can be sniffed via off-the-shelf tools. In this demo, we show that such data, while seemingly harmless, may reveal extremely sensitive information such as passwords. Nonetheless, such a Bluetooth-mouse-sniffing attack can be challenging to perform mainly because of two reasons: (i) packet loss is common for Bluetooth traffic, and (ii) modern operating systems use complex mouse acceleration strategies, which make it extremely difficult, if not impossible, to reconstruct the precise on-screen cursor coordinates from raw mouse movements. To address those challenges, we have conducted an extensive and careful study, over multiple operating systems, on the reconstruction of mouse cursor trajectory from raw mouse data and the inference of privacy-sensitive information - e.g., user password - from the reconstructed trajectory. Our experimental data demonstrate the severity of privacy leaking from un-encrypted Bluetooth mouse. To the best of our knowledge, our work is the first to retrieve sensitive information from sniffed mouse raw data. Video links of successful replay attack for different target OS are given in Section 3.2.