Logitech Unifying Receivers Vulnerable to Key Injection Attacks (Jul 9, 2019)
Security researcher Marcus Mengs has discovered four new vulnerabilities affecting Logitech’s Unifying USB receivers, that allow users to connect multiple wireless Logitech devices to the same computer. Caused by outdated firmware, attackers with physical access to a target computer can enable keystroke records and attacks, as well as take control of the comprised system. With physical access an attacker is able to steal encryption keys from all paired devices, giving them the ability to inject arbitrary keystrokes as well as decrypt keyboard input remotely. Two flaws, CVE-2019-13052 and CVE-2019-13053 will not be patched by Logitech, while CVE-2019-13054 and CVE-2019-13055 will be patched in August 2019.
Recommendation: Users should ensure all firmware is kept up to date with the latest updates. It is also highly important to physically safeguard devices and systems, to prevent an actor from gaining physical access to a system.
Indicators of Compromise (IOCs) associated with this story can be viewed by ThreatStream users here to identify potential malicious activity.