Logitech Wireless USB Dongles Vulnerable To New Hijacking Flaws

A security researcher has publicly disclosed new vulnerabilities in the USB dongles (receivers) used by Logitech wireless keyboards, mice, and presentation clickers. New submitter raikoseagle shares a report: The vulnerabilities allow attackers to sniff on keyboard traffic, but also inject keystrokes (even into dongles not connected to a wireless keyboard) and take over the computer to which a dongle has been connected. When encryption is used to protect the connection between the dongle and its paired device, the vulnerabilities also allow attackers to recover the encryption key. Furthermore, if the USB dongle uses a "key blacklist" to prevent the paired device from injecting keystrokes, the vulnerabilities allow the bypassing of this security protection system. Marcus Mengs, the researcher who discovered these vulnerabilities, said he notified Logitech about his findings, and the vendor plans to patch some of the reported issues, but not all.

Always Vulnerable

[mentil]

Stuff like this is why I refuse to use wireless keyboards/mouses, and insisted on a USB keyboard for my tablet.

Re:

[dgatwood]

It's not necessary to eschew all wireless devices, just those that use proprietary protocols. Bluetooth's encryption is well-vetted.

Bluetooth is not that much better.

[Anonymous Coward]

Just because it's encryption is good, does not mean that Bluetooth does not have it's problems. Look up the Terms BlueBorne, Btlejacking, and BleedingBit.

There are plenty of problems to go around, proprietary or standard based...

Re:

[dgatwood]

By Bluetooth, I mean Bluetooth Classic — the technology used for things like keyboards and mice. Two of the three things on your list are about Bluetooth Low Energy, which is an entirely unrelated technology that just happens to share part of its name with Bluetooth Classic, and is relatively immature.

That said, you're right that Bluetooth has had a few exploits. The difference is that when exploitable bugs in the Bluetooth stack are discovered, they affect all devices across the board, and tend to

Re:

[mentil]

Funny, when I looked into Bluetooth security when I bought my tablet, it seemed that most of the flaws were in specific implementations rather than the standard itself... which isn't comforting at all. Sure the relevant BT version may be secure, but what about the specific implementation I'm using? Who knows!?

Then there are problems with the protocol itself such as forced re-pairing that can be used as DoS even if they manage to secure the keys somehow (which they sent basically to anyone during pairing IIR

Re:

[Applehu Akbar]

Stuff like this is why I refuse to use wireless keyboards/mouses, and insisted on a USB keyboard for my tablet.

Like someone is going to run ransomware on my Bluetooth keyboard...

Re:

[mentil]

No, it'd do a badUSB-style attack where it does e.g. F6->www.mobileransomware.biz->Enter
and thanks to a Chrome vuln I now have ransomware on my tablet.
Or more likely, just keylog my passwords/CC#s.

Link?

[tacarat]

No, really.

Re:Link?

[zilym]

It's in the article titlebar [zdnet.com].

Re:

[idontusenumbers]

https://github.com/mame82/misc... [github.com]

Re:

[wed128]

Hanlon's Razor.

What ever happened to Bluetooth?

[ctilsie242]

Why do we have these things in the first place? Isn't this what Bluetooth is supposed to handle, in a known and secure manner? I can understand USB dongles a few years ago when BT wasn't common, but almost everything has it, and the pairing process has stood the test of time when it comes to security.

If Logitech has to make a dongle, why not a very good, BT 5.1 dongle, and just use that? This way, it isn't yet another crypto standard that the blackhats will cheerfully break.

Re:What ever happened to Bluetooth?

[EvilSS]

Because it's taken a while for BT to catch up. Logitech actually did switch to BT years ago (including BT dongles), but latency and connectivity issues made them to go back to using their own protocols. I had some of those Bluetooth mice and keyboards and they did suck balls compared to the proprietary dongles. Some recent mice (MX Master 2S and MX Anywhere 2 for example) are again supporting both so hopefully we'll see the dongles die off for good.

Re:

[pgmrdlm]

I just picked up a blue tooth mouse and keyboard for a tablet I have. It's a LogiTech. I don't have any problems with it. There might be a lag the first time I use it after it has been sitting. But after that, no lag at all.

Re:

[tlhIngan]

Because it's taken a while for BT to catch up. Logitech actually did switch to BT years ago (including BT dongles), but latency and connectivity issues made them to go back to using their own protocols. I had some of those Bluetooth mice and keyboards and they did suck balls compared to the proprietary dongles. Some recent mice (MX Master 2S and MX Anywhere 2 for example) are again supporting both so hopefully we'll see the dongles die off for good.

Bluetooth works, kinda sorta.

I've used Bluetooth keyboard f

Re:

[Shikaku]

https://www.bluetooth.com/deve... [bluetooth.com]

Re:

[bobbied]

Bluetooth is fast enough for keyboards and mouse input. The Human running the device is a whole lot slower than Bluetooth.

Personally, I have issues with Bluetooth only when I'm running audio devices along side my mouse and keyboard, when I'm too far away to get a quality signal from the device I'm controlling or there are multiple Bluetooth devices in the general area. Even then, it's not delay that's the issue, but drop outs and hiccups.

Re: What ever happened to Bluetooth?

[peppepz]

Gaming consoles use Bluetooth for their controllers. This means that Bluetooth is fast enough for timing-sensitive activities.

Re:

[Luckyo]

30 FPS also provides for a proper cinematic experience, and 60FPS looks unnatural and shouldn't be used in games. Which is why consoles are so well optimized for it.

And no, bluetooth is not fast enough for gaming peripherals, especially of the kind used to aim in twitch shooters like counterstrike. Latency is pretty horrendous, and will impact aim.

Re:

[Luckyo]

No, I'm merely mocking the idiotic suggestion that "consoles are fast enough for gaming", when they're "bare minimum possible to enable gaming". Latency on consoles is typically several times that of a decent gaming PC, as typical TV alone has horrendous input latency compared to monitors. And yes, bluetooth peripherals also have at least twice the latency of your typical gaming PC peripherals operating off wired connection if not more. Not to even mention input latency necessarily generated by the "cinemat

Re:

[Gojira Shipi-Taro]

HID for controllers is a bit different from the klunkier keyboard proto apparently. That or bluetooth keyboard manufacturers, realizing that no serious gamer uses a fucking chicklet keyboard to game, don't worry too much about it and cheap out. I use a wireless keyboard for my Nvidia Shield connected to my home theatre setup... and no place else.

One-time physical access though...

[mark-t]

... After which the data can still be sniffed wirelessly.

Re:

[EvilSS]

According to the article, three out of the four exploits described require physical access to the keyboard or the keyboard dongle. I don't think that it's noteworthy when a system is vulnerable to an attack by someone using the keyboard.

Only once. Which means with a few minutes of alone time with a target PC you could keylog the machine with zero ability for the PC owner to detect it. That is a pretty big deal, especially in an office environment.

Re:

[EvilSS]

Except in this case, the exploit leaves the PC completely pristine. That is the dangerous part here. There is no software installed and no rogue hardware. Forensically, it's impossible to tell it was tampered. As for data exfiltration, not all bad actors are outsiders. Employees, contractors, customers. There are plenty of people who would have reason to have physical proximity.

Re:

[Luckyo]

A few minutes alone with a target PC should be more than enough to insert payload that modifies bios, at which point there would be zero ability for PC owner to detect it as well and it would offer a lot more functionality than ability to sniff on keyboard inputs by remaining in range.

Re: Most of these exploits require physical access

[fuzzyfuzzyfungus]

Do they require physical access while the dongle is connected to the target computer?

An attack that requires grabbing someone's computer is one thing; but you can obtain unattended peripherals and dongles quite trivially by, say, being the janitor at your average cube farm(people either leave them plugged into their docks or take the dongle and mouse home and leave the keyboard); and I suspect that the supply chain for cheap peripherals isn't exactly tightly secured.

My paranoid schizophrenic friend was right

[Seven Spirals]

I have several friends and family who suffer from schizophrenia. They are not "crazy" in general, they just have difficultly sometimes distinguishing reality from fantasy or understanding the relative importance or priority of events in their lives. Most of the time, the things my friend will say when he's really upset are just ideas/fears he's got manifesting in extreme ways. However, one time he called me after a bit to drink and said he'd thrown away all his wireless devices. He threw away two sets of mo

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[account_deleted]

Comment removed based on user account deletion

Don't throw away your Unifying keyboards yet

[peppepz]

The attacks require either physical access or the interception of the pairing process (which doesn't even take place most of the times, because Unifying devices are typically sold with a pre-paired receiver).

Re:

[huiac]

Mostly correct, but it's not clear that receivers are "pre-paired" with the devices they are sold with. My assumption was always that the devices are sold "blank", and firmware tells them to automatically pair with the first device that asks; "combo" devices may get slightly different firmware (s/first/first and second/), but it seems simpler, cheaper and more reliable than programming IDs into each one, then making sure they get packed together.