Logitech Wireless Dongle vulnerability - they refuse to fix it
 

Our pals at Ziff Davis exposed all sorts of vulnerabilities in all sorts of their wireless keyboards and mouses

https://www.zdnet.com/article/logite…jacking-flaws/

The Verge picked up the story

https://www.theverge.com/2019/7/14/2…le-hack-hijack

I come to find out there's no patch at least for one of them. The last "Unifying" patch was from 2010.

https://support.logi.com/hc/en-us/articles/360025297913

I believe this issue is going to explode now that it's so public.

Yeah, we really need to move to open and verifiable firmware for our hardware. There are so many devices that are a blackbox security nightmare, especially as we move to "the internet of things".

I don’t see this being a big problem for the average joe. From my brief read of the article, the attacker needs to steal a key at the time of pairing and if they don’t then they need physical access. Most of the other vulnerabilities also required physical access.

It would take quite some planning so be ready at time of pairing and I doubt we’ll see a rash of home invasions so people can have physical access.

I could see this be problematic for commercial and business environments though.

Again I quickly read the article so I could have missed something and I do believe Logitech should fix all known vulnerabilities but it doesn’t seem to be a dire situation.