![]() Logitech Unifying vulnerability - extracting AES keys of all paired devices from a (fully patched dongle) in less than a second, followed by live RF sniffing and decryption.ĭetails in following tweets /IoDue4cqJhĪ video demo of a CVE-2019-13054 attack is also provided by Mengs, showing how a Logitech R500 presentation clicker makes it possible for attackers to discover the AES key, allowing them to launch a keystroke injection attack. "Additionally, there is no need to discover the device "on air" to carry out a keystroke injection attack, as the address is pre-known from the extraction (targeted attack possible, the actual device doesn't have to be in range - only the receiver)." This applies to all encrypted Unifying devices with keyboard capabilities (f.e. ![]() "With the stolen key, the attacker is able to inject arbitrary keystrokes (active), as well as to eavesdrop and live decrypt keyboard input remotely (passive). The CVE-2019-13054 (impacts Logitech R500, Logitech SPOTLIGHT) and CVE-2019-13055 (affects all encrypted Unifying devices with keyboard capabilities) security flaws that Logitech plans to patch allow attackers with physical access to the targeted machine to "actively obtain link encryption keys by dumping them from receiver of Unifying devices."Įxploiting CVE-2019-13055 was demonstrated by Mengs in a demo attack against a Logitech K360 keyboard through which he was able to dump AES keys and addresses from all paired devices, subsequently allowing for eavesdropping on and decrypting of Radio Frequency (RF) transmissions in real-time. The Logi Bolt and Logitech Unifying software are used to connect and monitor the battery performance of your Logi Bolt or Logitech Unifying compatible devices. We designed this intentionally to support Logi Bolt compatible devices for a seamless experience, similar to Logitech also installing the Logitech Unifying software. The Logi Bolt and Logitech Unifying software are used to connect and monitor the battery performance of your Logi Bolt or Logitech Unifying compatible devices.By installing and/or updating the latest version of Logitech Options (9.20), the Logi Bolt software is installed automatically Logitech Support basically told me that this is intended behaviorīy installing and/or updating the latest version of Logitech Options (9.20), the Logi Bolt software is installed automatically. ![]() So I contacted support, which you can do if you ask the robot on the logitech website enough questions he cannot answer. This week I checked the latest version, 9.40,86 (), and it installed LogiBolt.Īgain there is a reddit thread () but the official response is just a copy-paste from the previous thread about version 9.20. Now I would think, based on this, that Logitech would stop force-installing LogiBolt in future Logitech Options Versions. ![]() You can safely uninstall the software using these instructions for Windows or macOS. You can keep using Logitech Options 9.20 and remove the Logi Bolt app, if you do not have a Logi Bolt compatible device. We temporarily removed Logitech Options 9.20 and stopped all automatic updates, since we understand that this isn’t the desired experience we want all our customers to have. The Logi Bolt app is used with our latest generation of Logi Bolt wireless products, specifically to pair more than one Logi Bolt product to a single Logi Bolt USB receiver or to replace a Logi Bolt USB receiver. If you installed or updated to Logitech Options 9.20 the new Logi Bolt app would also have been automatically installed and set to run. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |