• Home
  • Apps
  • Apps News
  • Logitech Updates 'Options' Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Updates 'Options' Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Share on Facebook Tweet Snapchat Share Reddit Comment
Logitech Updates 'Options' Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Options app is designed to let you customise your mouse, keyboard, or touchpad

  • Logitech has released Options app version 7.00.564
  • Google's Project Zero team reported the security flaw in September
  • Logitech confirms the fix of the bug

Logitech Options, the app that is designed to enable customisation of Logitech mice, keyboards, or touchpads, has now received a security patch. The patch essentially fixes a security flaw that was allowing attackers to inject arbitrary keystrokes and send system commands - all through gaining remote access. Google's Project Zero security team intimated the Logitech team about the bug back in September. However, Logitech released Options 7.00.564 on Friday to ultimately address security concerns. A Google security researcher had already detailed the flaw in a bug report, before the patch arrived, thanks to the 90 days deadline expiring.

Google security researcher Tavis Ormandy in his bug report states that the Logitech Options was opening a WebSocket server on systems on which it's installed without any origin checking process. That made the app vulnerable to keystroke injection attacks. "The only 'authentication' is that you have to provide a PID [process ID] of a process owned by your user, but you get unlimited guesses so you can bruteforce it in microseconds," explained Ormandy in the report.

"After that, you can send commands and options, configure the 'crown' to send arbitrary keystrokes, etc, etc."

Alongside raising the bug report, Ormandy personally reported the issue to the Logitech engineers in mid-September. Logitech acknowledged the flaw soon upon receiving its report. However, the company took over three months to bring its patch - more than Google Project Zero's 90-day deadline for public disclosure. It did bring an updated Options app on October 1, but that update didn't include any fixes for the reported security issues, as the security researcher wrote in a comment to his bug report on the Chromium site.

"This now past deadline, so making public," said Ormandy. "I would recommend disabling Logitech Options until an update is available."

Soon after the bug report became public, it gained some attention among security researchers and finally pushed Logitech to release the patch.

"The release of Logitech Options 7.00, which addresses Origin checks and type checking, is now live and can be downloaded for Windows and Mac," Logitech tweeted on Friday to confirm the fix.

You can download the updated Options app on your PC to start customising your Logitech mouse, keyboard, or touchpad. The app supports devices such as MX Vertical, MX Ergo, MX Anywhere 2S, K600 TV Keyboard, MK850 Performance, MK540 Advanced, and MX900 Performance Combo for customisations.


For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel.

Further reading: Logitech Options, Logitech
Jagmeet Singh Jagmeet Singh writes about consumer technology for Gadgets 360, out of New Delhi. Jagmeet is a senior reporter for Gadgets 360, and has frequently written about apps, computer security, Internet services, and telecom developments. Jagmeet is available on Twitter at @JagmeetS13 or Email at jagmeets@ndtv.com. Please send in your leads and tips. More
Asus ZenFone Max Pro M2 vs Redmi Note 6 Pro vs Realme 2 Pro: Price in India, Specifications Compared
Google Chromebooks Get Better Parental Controls With Improved Family Link App



© Copyright Red Pixels Ventures Limited 2020. All rights reserved.
Listen to the latest songs, only on JioSaavn.com