Logitech Hardware – Vulnerability still Exploitable!

M.Sc. Chris Wojzechowski

Logitech Hardware – Vulnerability still Exploitable!

The latest firmware update is intended to close a security hole in Logitech hardware devices that allows access to wireless keyboards or mice. However, the update did not completely close this vulnerability.

Take advantage of the Logitech security patch

The patch prevents the encryption key from being read out via USB. For this the attacker needs a short access to the computer to read this code. The code is used to encrypt the various commands. This encrypts the communication between the computer and the radio.

Due to the patch it is no longer possible to read the code from the unifiying receiver via USB, so the firmware update is successful under this aspect.

Vulnerability of Logitech Hardware

The security patch itself is currently secure and offers no known vulnerability. However, Logitech has forgotten in the firmware update that the attacker can reset the system to an older version.

If the attacker succeeds in resetting the system to an older firmware, he can exploit the known vulnerability and read the encryption key via USB. Since it is possible to reset the firmware, the firmware update is invalid. The only disadvantage that the attacker now has is that he now needs about 30 seconds access to the computer instead of 1 second.

The Danger for Logitech Hardware Users

If someone has managed to copy their own encryption code, they can now read all the commands I give to the radios. The attacker can do this because he can read the encrypted communication between my radios and the computer when he is in the environment.

The encryption code can decrypt the communication and the attacker can read the commands in plain text. The bigger problem is that the attacker can now send his own commands. He can encrypt these commands with the encryption code and the computer then processes these commands. This gives an attacker full access via their own radios.

Your own Logitech security patch

If you are interested in what such an attack looks like live and what possibilities an attacker has now, then you should take a look at our live hacking page. We will show you live how fast the attack works and what can happen after a successful attack, both from the attacker’s and the victim’s point of view. In addition, we present some of the ways Live can protect you against such an attack.

To avoid becoming a victim of such an attack, you should follow the advice below:

  • Protect devices from unauthorized access (do not allow anyone else to access your computer)
  • Lock your computer (30 seconds is enough, so lock your computer when leaving the room)
  • Keep your devices up to date (known vulnerabilities will be closed by updates)

 

Photo of author

M.Sc. Chris Wojzechowski

My name is Chris Wojzechowski and I studied my Master in Internet Security in Gelsenkirchen a few years ago. I am one of two managing directors of AWARE7 GmbH and a trained IT Risk Manager, IT-Grundschutz practitioner (TÜV) and possess the test procedure competence for § 8a BSIG. Our bread and butter business is performing penetration testing. We are also committed to promoting a broad understanding of IT security in Europe, which is why we offer the majority of our products free of charge.
AWARE7 GmbH - Logo

+49 (0) 209 - 8830 6760

info@aware7.de

Google Plus Code F4X5+M2

Company

AWARE7 GmbH
Munscheidstr. 14
45886 Gelsenkirchen
Imprint | Privacy

About us
Open positions

Resources

Free e-learning
Downloads
Projects