A research performed by IT security services specialists has revealed new vulnerabilities in the USB receivers used by Logitech for some of its products, such as wireless keyboards, mousses and laptop clickers (used for slide transition during a presentation).
If exploited, these flaws would allow a threat actor to track the traffic of these devices, generate inadvertent clicks on computer equipment, and control it using this receiving device (also called dongle).
Attackers can also exploit vulnerabilities to recover encryption keys when the connection between the dongle and the device the user has paired is encrypted, IT security services experts say. On top of that, if the USB dongle has a key “blacklist” to prevent unauthorized access, attackers can bypass this protective measure by exploiting reported flaws.
Researchers who discovered these vulnerabilities claim that their findings were reported to Logitech, although not all errors may be corrected.
The vulnerabilities affect all Logitech USB dongles that use the company’s patented Unifying 2.4 GHz radio technology for wireless device communication. Unifying is one of Logitech’s standard radio technologies, and has been implemented on a variety of these devices.
To find out if your Logitech devices are exposed to exploiting these vulnerabilities, you can check if the device has an orange star printed on one side, which is the hallmark of Unifying technology, as shown below:
IT security services experts say that if a hacker can capture the pairing process between the dongle and the wireless device, it will also be able to retrieve the key used to encrypt traffic between the two objects.
According to the experts from the International Institute of Cyber Security (IICS), threat actors can use the stolen key to inject arbitrary keystrokes into a wireless keyboard, listen to keyboard activity, and decrypt the keys used by the device.
All Logitech Unifying USB dongles that support a keyboard input function are affected. This includes both Logitech wireless keyboards that use Unifying dongles, as well as MX Anywhere 2S mouse dongles, which can also accept keyboard input.
He is a well-known expert in mobile security and malware analysis. He studied Computer Science at NYU and started working as a cyber security analyst in 2003. He is actively working as an anti-malware expert. He also worked for security companies like Kaspersky Lab. His everyday job includes researching about new malware and cyber security incidents. Also he has deep level of knowledge in mobile security and mobile vulnerabilities.