New vulnerabilities have been discovered in Logitech USB receivers

Logitech USB

A security researcher found several vulnerabilities in USB receivers used by logitech keyboards, mice, and presentation selectors.

These vulnerabilities can allow a malicious person to not only follow your keystrokes, but also inject their own keystrokes., allowing you to take advantage of the computer connected to the USB receiver. If encryption is implemented to protect the connection between the media and its paired device, these vulnerabilities also allow attackers to recover the encryption key.

Also, if the USB key uses a "key blacklist" to prevent the docked device from injecting keystrokes, the vulnerabilities allow this security protection system to be bypassed.

These are vulnerabilities found in Logitech USB receivers

According to a report, all Logitech wireless input devices using Unifying radio technology are affected for these vulnerabilities identified by CVE-2019-13052, CVE-2019-13053, CVE-2019-13054 and CVE-2019-13055.

Marcus Mengs, the researcher who discovered these vulnerabilities, said it informed Logitech of its findings and that the vendor planned to fix some, but not all, of the reported issues.

CVE-2019-13052

The CVE-2019-13052 vulnerability can allow a hacker to decrypt the communication with the computer host if they have registered the association between the input device and the host computer.

"With the stolen key, the attacker can add arbitrary keystrokes, as well as trace and decode remote keyboard inputs in real time," Mengs said.

Furthermore, in cases where cybercriminals have lost the keybinding operation, an attacker with physical access to the receiver 'could manually initiate the re-pairing of a device already associated with the receiver, in order to:' obtain the key to encryption of the link simply by disconnecting and reconnecting the key '.

CVE-2019-13053

According to Mengs, like the previous one, This vulnerability allows an attacker to add keystrokes in the encrypted communication stream between a USB key and a Logitech device., even without knowing the encryption key.

The investigator said that the threat actor would need physical access to a device to carry out this attack.

The concept is to press between 12 and 20 keys and it records the encrypted traffic, which then analyzes and retrieves the encryption key.

Since physical access is only needed once, the attacker can collect enough cryptographic data on radio traffic.

"Once the data has been collected, arbitrary keystrokes can be injected," Mengs said.

CVE-2019-13054

This used as the vulnerability impact identifier in the Logitech R500 and Logitech SPOTLIGHT display selectorswhile the CVE -2019-13055 is used for all other Logitech devices that use a Unifying key.

The reason that Logitech's presentation selectors have been classified into separate categories is that the attacker can also bypass the "black key lists" and inject key combinations between A and Z, which, technically, should not be Compatible with display selector devices.

In addition to the four vulnerabilities it discovered in the last few months, Mengs also cautioned that many Logitech Unifying dongles are still vulnerable to the old MouseJack vulnerabilities revealed in 2016.

From the vulnerabilities CVE-2019-13054 to CVE-2019-13055 technically these have the same vulnerability. Since the flaws require physical access by the attacker to a unification key of the Logitech device in order to be exploited successfully.

According to Mengs, the keys come with undocumented commands and inappropriate data protections that allow an attacker to dump the encryption keys stored on the receivers.

The full attack takes a second to execute and once the hacker has the encryption keys, they can detect user keystrokes or inject their own to perform malicious operations and take control of computers.

Logitech informed Mengs that a fix for this issue is planned in August 2019.


The content of the article adheres to our principles of editorial ethics. To report an error click here!.

Be the first to comment

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: AB Internet Networks 2008 SL
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.