Logitech wireless USB dongles vulnerable to cyber attack

A large range of Logitech wireless input devices are vulnerable to attack and can pose a significant security risk. With this hack, not only can attackers eavesdrop on keystrokes, but they can also infect the host system.

Security expert Marcus Mengs investigated the wireless connections of several Logitech devices and uncovered numerous weaknesses.

The vulnerable hardware includes wireless Logitech keyboards, mice, and remote controls known as wireless presenters.

With this vulnerability allowing an attacker to eavesdrop on keystrokes, everything an affected user types is readily available to the hacker. This could include passwords, emails, and sensitive documents.

An attacker can even send a command to the victim’s computer and infect the computer with malicious code, should the attacker choose to do so.

Mengs demonstrated the hack by showing how to infect a system with a backdoor (remote shell) through which he can control the system remotely by radio. To do this he simply piggybacked on the wireless Logitech connection in order to infect the system and communicate with the backdoor. This method means that computers that are not online can also be controlled.

Logitech devices that use Unifying radio technology are affected. Unifying is used across Logitech’s product range and has been available on the market since 2009.

Logitech Wireless USB receivers that are vulnerable can be recognized by a small orange star logo.

Wireless gaming products of the LIghtspeed series and the Wireless Presenters R500 and Spotlight are also vulnerable to this hack. They use a related radio technology. The Presenter R400, R700, and R800 are not vulnerable to this particular hack.

Logitech has confirmed that they plan to resolve some of the security issues that Mengs reported, but not all. In order to have a complete fix, the company could potentially jeopardize compatibility between Unifying products.

Fixes will be released by Logitech in August.

To protect yourself from attack, update your wireless Logitech devices to the latest firmware available. To do that, you’ll need to use the Logitech Firmware Update Tool SecureDFU, which is available for Windows 7, 8, and 10.

You can find the update tool at support.logitech.com.

It will also be important to update again when the patch comes out in August.

As always, if we can be of help with your network or computer, give us a call here at RHYNO Networks. (855) 749-6648