Logitech Wireless Dongle vulnerability - they refuse to fix it

Lucky Day

Lucky Day

Daywatch
Joined
October 19, 2006
Messages
5,215
Location
The Uncanny Valley
Our pals at Ziff Davis exposed all sorts of vulnerabilities in all sorts of their wireless keyboards and mouses

https://www.zdnet.com/article/logitech-wireless-usb-dongles-vulnerable-to-new-hijacking-flaws/

The Verge picked up the story

https://www.theverge.com/2019/7/14/...-wireless-usb-receiver-vulnerable-hack-hijack

I come to find out there's no patch at least for one of them. The last "Unifying" patch was from 2010.

https://support.logi.com/hc/en-us/articles/360025297913

I believe this issue is going to explode now that it's so public.
 
Joined
Oct 19, 2006
Messages
5,215
Location
The Uncanny Valley
Yeah, we really need to move to open and verifiable firmware for our hardware. There are so many devices that are a blackbox security nightmare, especially as we move to "the internet of things".
 
Joined
Nov 8, 2014
Messages
12,085
I don’t see this being a big problem for the average joe. From my brief read of the article, the attacker needs to steal a key at the time of pairing and if they don’t then they need physical access. Most of the other vulnerabilities also required physical access.

It would take quite some planning so be ready at time of pairing and I doubt we’ll see a rash of home invasions so people can have physical access.

I could see this be problematic for commercial and business environments though.

Again I quickly read the article so I could have missed something and I do believe Logitech should fix all known vulnerabilities but it doesn’t seem to be a dire situation.
 
You must log in or register to reply here.
Back
Top Bottom