• Home
  • Laptops
  • Laptops News
  • Logitech Wireless Keyboards, Mice Vulnerable to Hijacking Flaws, Company Won’t Patch All: Report

Logitech Wireless Keyboards, Mice Vulnerable to Hijacking Flaws, Company Won’t Patch All: Report

Logitech is leaving at least two vulnerabilities unpatched as fixes would likely impact device functionality.

Share on Facebook Tweet Share Reddit Comment
Logitech Wireless Keyboards, Mice Vulnerable to Hijacking Flaws, Company Won’t Patch All: Report

Logitech will release fixes for two vulnerabilities in August this year

Highlights
  • All Logitech USB receivers with Unifying radio tech are affected
  • The company has been using Unifying radio tech since 2009
  • Logitech recommends keeping USB receivers and connected machines safe

A security researcher has found vulnerabilities in the USB receivers used by Logitech wireless keyboards, mice, and presentation clickers. These vulnerabilities can allow a malicious party to not only eavesdrop on keystrokes, but also inject their own keystrokes, letting them effectively take over the computer connected to the USB receiver. According to an online report, all Logitech wireless input devices using Unifying radio technology are affected by the vulnerabilities. The company has been shipping products using Unifying radio technology since 2009.

According to a report in German publication c't, security expert Marcus Mengs identified the Logitech vulnerabilities and he has been working with the company to get them patched. However, it seems company will not be patching all the issues, just some of them, as patching all would likely impact the compatibility between devices using Unifying radio technology.

Logitech uses Unifying radio technology in a number of products, ranging from entry-level devices to high-end models. The technology allows up to six compatible input devices to be used with a single Unified receiver. The affected USB receivers can be easily identified by looking for a small orange star logo.

c't writes that there are two key vulnerabilities that Logitech doesn't plan to fix - CVE-2019-13053 and CVE-2019-13052. While the CVE-2019-13053 vulnerability lets an attacker to inject any chosen keyboard input into the encrypted radio traffic without knowing the cryptographic key used, the CVE-2019-13052 flaw can allow an attacker to decrypt the encrypted communication between the input devices and the host computer, if they have recorded the pairing between input device and host computer.

Logitech does plan to patch CVE-2019-13055 and CVE-2019-13054 vulnerabilities in a fix that will be released in August. Both vulnerabilities allow an attacker to extract the cryptographic key used by the USB receiver, thereby giving them access to connection.

For other vulnerabilities that the company doesn't plan to patch, it recommends “a computer (with a USB receiver) should always be kept where strangers cannot physically access or manipulate it. In addition, users should take common security measures to make it more difficult for others to access it."

Comments

For the latest tech news and reviews, follow Gadgets 360 on Twitter, Facebook, and subscribe to our YouTube channel.

Gaurav Shukla Paranoid about online surveillance, Gaurav believes an artificial general intelligence is one day going to take over the world, or maybe not. He is a big ‘Person of Interest’ fan. More
Thousands of Android Apps Are Tracking You, With or Without Your Permission: Study
Airtel Rs. 97 Prepaid Recharge Plan Relaunched to Offer 2GB Data, Unlimited Calls for 14 Days
 
 

Advertisement

 

Advertisement

© Copyright Red Pixels Ventures Limited 2019. All rights reserved.