The Swiss manufacturer Logitech is once again facing a security vulnerability in its wireless mice and keyboards. In December, a vulnerability in the Logitech Options software that allowed an attack from the Internet had to be closed. The new vulnerability is in the hardware itself.
The weaknesses of the Logitech keyboard and mouse were uncovered and extensively documented. The problem stems from the “Unifying Receiver,” a proprietary dongle that Logitech uses to pair its wireless peripherals. The advantage is that you only need this one receiver for all Logitech devices, but that also seems to be the problem: to ensure compatibility with even older devices, compromises have to be made in terms of security.
One of the documented vulnerabilities allows an attacker, by pressing a specific key combination, to permanently insert themselves into the radio communication between the receiver and keyboard and to inject their own commands. This requires direct access to the corresponding device. That makes a successful attack in your own home unlikely, but in offices the situation looks very different. The second vulnerability also belongs to this category: it allows an attacker to record the pairing process and, as a result, decode the radio traffic, i.e. read all the inputs. Logitech does not intend to close either of these two vulnerabilities, because the above-mentioned compatibility could then no longer be guaranteed.
Logitech already closed other weaknesses that allow decrypting the radio traffic or injecting commands in 2016 with a firmware update. However, devices equipped with older firmware are still being delivered. To make matters worse, Logitech’s update tools sometimes claim the firmware is up to date.
With the Logitech Firmware Updating Tool and the Unifying Software, you can update the firmware. The current versions are as follows:
Logitech plans to release another security update in August.
Is it safe to use a Logitech wireless keyboard and mouse with these security holes?
For home users, the security holes seem to be more theoretical. But the problem can be severe in an office environment, where unauthorized persons may have access to a PC, even for a short time. It is advised not to use the Unifying receiver.