A vulnerability in how Logitech mice and keyboards connect to their USB dongles allows users to attack. A security research has warned how hackers can see passwords being written and take control of the computer.
The error is part of Logitech's proprietary Unifying technology, which uses the 2.4 GHz radio frequency to have devices such as mice, keyboards, trackballs and Presenter clicks communicating with a small Bluetooth dongle connected to the computer's USB port.
When hacked in, this connection can be used by an attacker to take control of the target mouse and keyboard (while leaving a laptop unattended in a cafe or airport, for example), or even "sniff" the data that goes from a keyboard to the computer. This means that an attacker could see your passwords and private messages as you type them.
Security researcher Marcus Mengs publicly reported the vulnerability last week, after Logitech said it would make software updates to fix some, but not all the problems he found. The exploits are the same as the 201
<img alt = "Photo of a Logitech wireless mouse and keyboard dongle  Unifying devices identified with orange logo Logitech
Logitech has been using Unifying technology in wireless mice and keyboards for a decade, After introducing it back in 2009. Unifying devices can be identified thanks to an orange star printed on one side of the USB dongle, these dongles are small and often traced in the wireless mouse to make it easier when they travel.
Due to weak encryption between the device and the USB dongle, it is possible for an attacker to burst into the communication link between the keyboard and computer during the Bluetooth pairing process. a moment of physical access, just by unplugging the USB dongle and plugging it back in – working in a few seconds while a laptop we left unattended, for example in a library. 19659002] Mixed said about the vulnerability: "With the stolen key, the attacker can inject arbitrary keystrokes, in addition to canceling and living decrypting the keyboard input remotely … Logitech confirmed that no update will be provided for this new vulnerability. "
As pointed out by ZDnet, when Google was exposed to a similar vulnerability, where hackers could attack a computer via weak Bluetooth security in the company's Titan security key, the search giant released a worldwide recall.
GearBrain TV: How to secure smart devices