A safety researcher has discovered vulnerabilities within the USB receivers utilized by Logitech wi-fi keyboards, mice, and presentation clickers. These vulnerabilities can enable a malicious social gathering to not solely snoop on keystrokes, but in addition inject their very own keystrokes, letting them successfully take over the pc related to the USB receiver. According to an internet report, all Logitech wi-fi enter units utilizing Unifying radio know-how are affected by the vulnerabilities. The firm has been delivery merchandise utilizing Unifying radio know-how since 2009.
According to a report in German publication c’t, safety professional Marcus Mengs recognized the Logitech vulnerabilities and he has been working with the corporate to get them patched. However, it appears firm won’t be patching all the problems, simply a few of them, as patching all would possible influence the compatibility between units utilizing Unifying radio know-how.
Logitech makes use of Unifying radio technology in various merchandise, starting from entry-level units to high-end fashions. The know-how permits up to six appropriate enter units to be used with a single Unified receiver. The affected USB receivers might be simply recognized by searching for a small orange star brand.
c’t writes that there are two key vulnerabilities that Logitech would not plan to repair – CVE-2019-13053 and CVE-2019-13052. While the CVE-2019-13053 vulnerability lets an attacker to inject any chosen keyboard enter into the encrypted radio visitors with out figuring out the cryptographic key used, the CVE-2019-13052 flaw can enable an attacker to decrypt the encrypted communication between the enter units and the host pc, if they’ve recorded the pairing between enter system and host pc.
Logitech does plan to patch CVE-2019-13055 and CVE-2019-13054 vulnerabilities in a repair that can be launched in August. Both vulnerabilities enable an attacker to extract the cryptographic key utilized by the USB receiver, thereby giving them entry to connection.
For different vulnerabilities that the corporate would not plan to patch, it recommends “a pc (with a USB receiver) ought to at all times be stored the place strangers can’t bodily entry or manipulate it. In addition, customers ought to take widespread safety measures to make it harder for others to entry it.”