Offensive Security

Logitech Hardware – Vulnerability still Exploitable!

Logitech Hardware – Vulnerability still Exploitable!

The latest firmware update is intended to close a security hole in Logitech hardware devices that allows access to wireless keyboards or mice. However, the update did not completely close this vulnerability.

Take advantage of the Logitech security patch

The patch prevents the encryption key from being read out via USB. For this the attacker needs a short access to the computer to read this code. The code is used to encrypt the various commands. This encrypts the communication between the computer and the radio.

Due to the patch it is no longer possible to read the code from the unifiying receiver via USB, so the firmware update is successful under this aspect.

Vulnerability of Logitech Hardware

The security patch itself is currently secure and offers no known vulnerability. However, Logitech has forgotten in the firmware update that the attacker can reset the system to an older version.

If the attacker succeeds in resetting the system to an older firmware, he can exploit the known vulnerability and read the encryption key via USB. Since it is possible to reset the firmware, the firmware update is invalid. The only disadvantage that the attacker now has is that he now needs about 30 seconds access to the computer instead of 1 second.

The Danger for Logitech Hardware Users

If someone has managed to copy their own encryption code, they can now read all the commands I give to the radios. The attacker can do this because he can read the encrypted communication between my radios and the computer when he is in the environment.

The encryption code can decrypt the communication and the attacker can read the commands in plain text. The bigger problem is that the attacker can now send his own commands. He can encrypt these commands with the encryption code and the computer then processes these commands. This gives an attacker full access via their own radios.

Your own Logitech security patch

If you are interested in what such an attack looks like live and what possibilities an attacker has now, then you should take a look at our live hacking page. We will show you live how fast the attack works and what can happen after a successful attack, both from the attacker’s and the victim’s point of view. In addition, we present some of the ways Live can protect you against such an attack.

To avoid becoming a victim of such an attack, you should follow the advice below:

  • Protect devices from unauthorized access (do not allow anyone else to access your computer)
  • Lock your computer (30 seconds is enough, so lock your computer when leaving the room)
  • Keep your devices up to date (known vulnerabilities will be closed by updates)

 

Photo of author

Vincent Reckendrees

Hallo, ich bin Vincent Reckendrees und leite das Team Offensive Services bei der AWARE7 GmbH. In meinem Bachelor und Master Studium habe ich mich auf IT-Sicherheit spezialisiert und BSI zertifizierter IS-Penetrationstester. Meine Leidenschaft gilt Reverse Engineering, Hardware- und Web-Sicherheit. Als Experte für Penetrationstests finde ich Schwachstellen in Systemen und Netzwerken und nutze sie, um realistische Cyberangriffe zu simulieren und Sicherheitsmaßnahmen zu verbessern. Durch Reverse Engineering entdecke ich Fehler und Verbesserungsmöglichkeiten in Software und Hardware. Meine Fähigkeiten in Hardware- und Web-Sicherheit ermöglichen es mir, physische Geräte und Online-Plattformen vor einer Vielzahl von Cyberbedrohungen zu schützen und ihre Integrität und Zuverlässigkeit zu gewährleisten.