Four new issues have been found that affect all Logitech Unifying USB receivers, the dongles that let users connect up to six compatible Logitech devices to their computer. The flaws are caused by outdated firmware in the Logitech USB dongles. All four flaws require physical access to the target computer to exploit. Logitech has confirmed that two of the four vulnerabilities will be patched. The two flaws that are going to be patched allow an attacker with physical access to obtain link encryption keys by dumping them from the vulnerable receiver. The second flaw that will be patched allows an attacker to eavesdrop on the decrypted radio frequency traffic of the Unifying devices. With the stolen keys, an attacker can also inject arbitrary keystrokes and eavesdrop on keystrokes from connected keyboards. Of the two flaws that aren’t being patched, one lets attackers passively obtain Logitech Unifying encryption keys by capturing the pairing procedure. The last flaw would allow an attacker to press a specific key combination, while sniffing the radio frequency transmission, to inject arbitrary code and keystrokes into the victim’s computer.