Several Logitech keyboards, mice and wireless presenters suffer from security vulnerabilities. Not only can attackers eavesdrop on keystrokes, they can even infect the host system. c’t has established which products are affected and what you should do now.
A large range of Logitech wireless input devices is vulnerable to wireless attacks and can pose a security risk. That is the conclusion of security expert Marcus Mengs, with whom c’t has been in touch for quite some time. Mengs' investigation of the wireless connections of several Logitech devices has uncovered numerous weaknesses. They affect keyboards and mice as well as remote controls known as wireless presenters.
The vulnerabilities allow an attacker to eavesdrop on keystrokes from wireless keyboards. Everything an affected user types, from e-mails to passwords, is readily available to the adversary. But it gets worse: an attacker can send any command to the victim’s computer if a vulnerable Logitech device is installed. That makes it easy to infect the computer with malicious code without the rightful owner noticing.
Mengs demonstrates how to infect a system with a backdoor (remote shell) through which he can control the system remotely by radio. In a way, it’s an elegant hack, because he simply piggybacks on the wireless Logitech connection both to infect the system and to communicate with the backdoor. That means even computers that are not online are ripe for the hack.