Four new issues have been found that affect all of the Logitech Unifying USB receivers that allow users to connect up to six compatible Logitech devices to their computer. The flaws are caused by outdated firmware in the Logitech USB dongles. All four flaws require physical access to the target computer to exploit the bugs. Out of the four vulnerabilities, Logitech has confirmed that two of the four vulnerabilities will be patched. The two flaws that are going to patched allow an attacker, with physical access, to obtain link encryption keys by dumping them from the vulnerable receiver. The second flaw that will get patched allows for an attacker to eavesdrop on the decrypted radio frequency of the Unifying devices. With the stolen decryption keys, an attacker can also inject arbitrary keystrokes and eavesdrop on keystrokes from connected keyboards. The two flaws that aren’t being patched are when attackers passively obtain Logitech Unifying encryption keys by capturing the pairing procedure. The last flaw would allow an attacker to press a specific key combination, while sniffing the Radio Frequency transmission, to inject arbitrary code and keystrokes into the victim’s computer.
Analyst Notes
Since all of the flaws require physical access to the vulnerable system, physical access to the office is required. Tailgating is a style of physical attack where an attacker is waiting outside of a secured facility and has an authorized person let them into the building. If the building is secured, then employees should only use their access to let themselves into the building and to never allow unknown persons to enter without permission.
