Permalink
Switch branches/tags
Nothing to show
Find file Copy path
Fetching contributors…
Cannot retrieve contributors at this time
66 lines (33 sloc) 1.58 KB
Bastille Threat Research Team Tracking Number 11
Document version: 1.0
Overview
In order to address a previously reported unencrypted keystroke injection vulnerability, Logitech
released updated firmware for the C-U0007 and C-U0008 Unifying USB dongles. The firmware updates fail
to mitigate unencrypted keystroke injection attacks on several computer configurations.
Affected Platforms
The following products have been tested and shown to be affected:
- Logitech K400r
- Logitech Unifying Dongle C-U0007
- Firmware version 012.005.00028
- USB ID 046d:c52b
- Logitech Unifying Dongle C-U0008
- Firmware version 024.003.00027
- USB ID 046d:c52b
Impact
On a computer with a clean install of Windows 10, a Unifying dongle with the latest firmware does not
accept unencrypted keystrokes. However, there are several situations in which keystroke injection still
works:
1. When Logitech SetPoint is installed on Windows, keystroke injection starts working again. Tested on
Windows 10.
2. Keystroke injection works on Linux. Tested on Ubuntu 14.04, Ubuntu 15.04, and Ubuntu 16.04.
3. Keystroke injection works on OS X. Tested on OS X Yosemite.
Mitigation
Exploiting this vulnerability involves transmitting RF packets to a Logitech Unifying dongle, which
requires physical proximity to the target computer.
Suggested Solutions
Update the USB dongle firmware to prevent unencrypted keystrokes from being sent to the host computer.
Test Environment
Keystroke injection was tested using a nRF24LU1+ based USB dongle, transmitting to affected Unifying
dongles.
Credits
Marc Newlin