Have you ever wished you could use Jedi mind powers to speed up your boring professor’s PowerPoint presentation? Or force the words “Happy Birthday Jennifer!” suddenly to appear on his screen? Now you can, thanks to Dutch researcher Niels Teusink, who combined an Arduino board and Metasploit software to demonstrate how to hack a presenter’s computer by hijacking his remote.
Sure it’s a crime, but now that he’s released the source code, you could just say it was a Computer Science project gone astray…
At the beginning of this year, I started to look at the security of wireless presenters. The one I had, a Logitech R-R0001, is a 2.4Ghz presenter. I used it while giving my talk at HAR2009 last summer, so I was curious about the risks involved with its use. When you plug the accompanying USB dongle into your laptop, a new keyboard is detected, you can then use the presenter to control your Powerpoint presentation. So basically a wireless presenter is just a wireless keyboard with only a couple of buttons. For example: If you press the ‘next slide’ button, the computer the dongle simulates a page-down keystroke and Powerpoint displays the next slide. On of the things that worried me was: could someone in the audience send a ‘next slide’ command to the dongle in order to go to the next slide before I wanted to do so? Or worse: could he send random keystrokes to my laptop (after all, the device is a keyboard!). Wouldn’t it be fun if you could make a random message appear on Steve Jobs’ (or Steve Ballmer’s) screen when he’s giving his latest keynote? Needless to say doing so may be a criminal offence in your country.
In short: yes you can. Someone in the audience can control the slides and can send any keystroke you want to the victim, as if they were sitting at the keyboard. You can build a device to do this using an Arduino and a wireless module for about €30.
http://blog.teusink.net/2010/07/hacking-wireless-presenters-with.html