Adware

IS-specialist found several vulnerabilities in Logitech USB receivers: there might not be patches

Independent security researcher Marcus Mengs has published information about a series of vulnerabilities in Logitech equipment.

The bugs allow an attacker to intercept data that arrives on a vulnerable device, unnoticeably for the victim to introduce keystrokes and take control over computer.

Mengs’s study deals with USB dongles that connect wireless keyboards, mice, and trackballs to a computer. According to the expert, many users mistakenly consider the input devices themselves to be vulnerable, while the real threat lies in the receiver.

“To imitate keystrokes, the hacker doesn’t need an input device, because he will mask himself. For an attacker required equipment connected to the adapter, only to find out if he has a keyboard input function and whether it encrypts data before sending it to the receiver”, – Mengs explained.

The researcher also stresses that the ability to emulate keystrokes present in many wireless mice, presentation control panels, and other “non-obvious” gadgets. Therefore, the offender can enter data through these receivers. Additionally, in most cases, such an attack is completely invisible to the owner.

According to Mengs, the vulnerabilities affect all Logitech USB dongles that use their own 2.4GHz Unifying radio technology to communicate with wireless devices.

Reference:

Unifying is one of Logitech’s standard dongle radio technology, and has been shipping with a wide array of Logitech wireless gear for a decade, since 2009. The dongles are often found with the company’s wireless keyboards, mice, presentation clickers, trackballs, and more.

Mengs discovered four new vulnerabilities. Bug CVE-2019-13053 allows an attacker, without knowing the key, to fool the dongles that receive data in encrypted form. Technically, this is a new variation of the CVE-2016-10761 vulnerability associated with the reuse of AES CTR counter values.

Unlike the bug of 2016, to exploit a new vulnerability, an attacker would need at least once to gain physical access to the input device. He will have to press from 12 to 20 keys to generate a sufficient amount of encrypted traffic, the decryption of which he knows. Vendor said he was not going to release a patch to this bug.

logitech wireless touch keyboard
Logitech wireless touch keyboard
However, according to Mengs, the old vulnerability in its original form is also still relevant: many adapters are still not updated. As a result of an attack on both vulnerabilities, an attacker could, for example, force a computer to execute malicious code.

CVE-2019-13052 is associated with a weak data exchange mechanism when pairing devices. An attacker can get the encryption keys used by the adapter if it intercepts the information transmitted between the dongle and the input device.

After that, he will be able to monitor all traffic between these devices — for example, read the text typed on the keyboard and send his own commands to the USB dongle. For the user, such intervention will go unnoticed. The expert said that the manufacturer is not going to close this vulnerability.

The bugs CVE-2019-13054 and CVE-2019-13055 are related to undocumented capabilities of the receivers. With their help and with physical access to the target device, an attacker can quickly retrieve the encryption keys. As a result, he will get access to information transmitted from the device, as well as be able to simulate keystrokes himself. Bug CVE-2019-13054 also allows you to bypass the ban on entering alphabetic characters that is present in some consoles for presentations. Developers plan to eliminate this threat in the near future.

Moreover, according to Mengs, many Logitech devices are still vulnerable to attacks from MouseJack bugs. Recalling, in 2016 it turned out that wireless mice allow anyone to connect to the receiver without using encryption.

William Reddy

I am from Ireland. My parents bought me a computer when I was 11, and several month after I have got a virus on this PC. I decided to enter the INSA Centre Val de Loire university after being graduated from the school. This French educational institution was offering a brand-new cybersecurity course. After getting the master degree in cybersecurity, I've started working in as virus analyst in a little anti-malware vendor. In 2018, I've decided to start Virus Removal project. The main target of this site is to help people to deal with PC viruses of any kind.

Leave a Reply

Your email address will not be published. Required fields are marked *

Sending

Back to top button