Security and privacy seem like useful footnotes here, too. The security situation with standard wireless protocols has improved to “acceptable” in recent years, but right as soon as you get some one-off link (between your mouse and the proprietary dongle?) then nobody knows how bad the situation is. You’re just trusting the manufacturer to have accomplished a feat that piles of smart people screw up on a regular basis.
I understand that there’s certainly an information-theoretical security flaw, but if there is an attacker who could gain net value by seeing your mouse activity, you should be in a secure facility that prevents eavesdropping and none of the computers allowed in that area should be allowed to have bluetooth trancievers.
If a given dongle can be spoofed into providing arbitrary HID input (or just arbitrary keystrokes, in addition to mouse movement and clicks), that would be a more serious vulnerability.
If a given dongle can be spoofed into providing arbitrary HID input (or just arbitrary keystrokes, in addition to mouse movement and clicks), that would be a more serious vulnerability.
Dongles of bluetooth keyboards certainly can input arbitrary keystrokes. That’s already enough to do basically anything on the computer. For example the tab character can be used to switch between different UI elements and exploits are usually carried out in code and not by manually navigating through files or windows.
Security and privacy seem like useful footnotes here, too. The security situation with standard wireless protocols has improved to “acceptable” in recent years, but right as soon as you get some one-off link (between your mouse and the proprietary dongle?) then nobody knows how bad the situation is. You’re just trusting the manufacturer to have accomplished a feat that piles of smart people screw up on a regular basis.
I understand that there’s certainly an information-theoretical security flaw, but if there is an attacker who could gain net value by seeing your mouse activity, you should be in a secure facility that prevents eavesdropping and none of the computers allowed in that area should be allowed to have bluetooth trancievers.
If a given dongle can be spoofed into providing arbitrary HID input (or just arbitrary keystrokes, in addition to mouse movement and clicks), that would be a more serious vulnerability.
Dongles of bluetooth keyboards certainly can input arbitrary keystrokes. That’s already enough to do basically anything on the computer. For example the tab character can be used to switch between different UI elements and exploits are usually carried out in code and not by manually navigating through files or windows.