Logitech keyboards and mice vulnerable to extensive cyber attacks (opens in new tab)

(heise.de)

43 pointsjhoh6y ago9 comments

9 comments

rasz6y ago

> CVE-2019-13053, an attacker can inject any keyboard input into the encrypted radio traffic of the Unifying keyboards without knowing the crypto key used. To do this, the attacker only needs to have temporary access to the keyboard in order to press some keys.

or you know, ask the nice bank lady to type this "magic key combination" for you. Yes darling my name is little bobby tables.

>CVE-2019-13052 is not being addressed either. The attacker can decrypt the encrypted communication between the input devices if he has recorded the pairing process.

Oh dear, did the keyboard I am currently jamming stopped working? I have same model! my son/nephew told me you need to pair them. Ill just sit here patiently while you do that.

NikkiA6y ago

> ask the nice bank lady to type this "magic key combination" for you

If the keys being pressed are not necessary to be specific keys, then you can probably sniff the keypresses from the person ahead of you in the teller's line.

In fact the article makes that sort of clear:

> Alternatively, the hacker could simply observe for a few seconds what the user is typing.

Banks probably still have enough regulation and anti-TEMPEST fear to NOT be using wireless logitech gear though... Well, maybe.

jbob20006y ago

> CVE-2019-13053

Is there a word for this type of exploit: I wrap a bicycle in wrapping paper. You don't need to take off the wrapping paper to know that what it covered was a bike.

That's pretty much what this exploit is, no? You press a key on a keyboard, it sends a radio signal. If I know what key you pressed, I can associate that key press with the "shape" of the signal.

rasz6y ago

known plaintext attack

Sahhaese6y ago

This is actually interesting from the perspective of fairness in e-sports. It's been rumoured that professional players could "cheat on LAN" by side-loading cheat software through modified hardware supplying custom 'drivers'.

If the hardware itself has vulnerabilities it could be used to mask the cheat loading and make it harder for the host PCs to detect if any of that side-loading is happening.

tatersolid6y ago

Anybody know of secure alternatives?

It seems these wireless keyboards are all made as cheaply as possible. Microsoft advertises "AES security" for their wireless keyboards and mice, with a pre-paried USB dongle. But since they run on 27 MHz via a custom USB dongle I assume it's a proprietary protocol (and therefore likely quite insecure). Bluetooth might be a bit better but still has limited range for conference-room use.

1 more reply

blinky14566y ago

Requiring physical access to the keyboard by the attacker first, makes this less impactful.

With physical access the they keyboard/computer, they could plant any other number of devices/bugs or extract information.

molticrystal6y ago

Once you are at physical access, you can go to town. Optical surveillance and even recording the sound of the keys being stroked to calibrate[0] an acoustic cryptoanalysis algorithm.[1]

[0] https://www.schneier.com/blog/archives/2005/09/snooping_on_t... [new algorithms require less time]

[1]https://en.wikipedia.org/wiki/Acoustic_cryptanalysis

DEADBEEFC0FFEE6y ago

Physical access road wireless keyboard, even if the system is physically secured is different. Typing some characters and recording the traffic, on a logged out computer, that totally possible and a lot less suspicious.

j / k navigate · click thread line to collapse

9 comments

rasz6y ago

or you know, ask the nice bank lady to type this "magic key combination" for you. Yes darling my name is little bobby tables.

>CVE-2019-13052 is not being addressed either. The attacker can decrypt the encrypted communication between the input devices if he has recorded the pairing process.

Oh dear, did the keyboard I am currently jamming stopped working? I have same model! my son/nephew told me you need to pair them. Ill just sit here patiently while you do that.

NikkiA6y ago

> ask the nice bank lady to type this "magic key combination" for you

If the keys being pressed are not necessary to be specific keys, then you can probably sniff the keypresses from the person ahead of you in the teller's line.

In fact the article makes that sort of clear:

> Alternatively, the hacker could simply observe for a few seconds what the user is typing.

Banks probably still have enough regulation and anti-TEMPEST fear to NOT be using wireless logitech gear though... Well, maybe.

jbob20006y ago

> CVE-2019-13053

Is there a word for this type of exploit: I wrap a bicycle in wrapping paper. You don't need to take off the wrapping paper to know that what it covered was a bike.

That's pretty much what this exploit is, no? You press a key on a keyboard, it sends a radio signal. If I know what key you pressed, I can associate that key press with the "shape" of the signal.

rasz6y ago

known plaintext attack

Sahhaese6y ago

If the hardware itself has vulnerabilities it could be used to mask the cheat loading and make it harder for the host PCs to detect if any of that side-loading is happening.

tatersolid6y ago

Anybody know of secure alternatives?

1 more reply

blinky14566y ago

Requiring physical access to the keyboard by the attacker first, makes this less impactful.

With physical access the they keyboard/computer, they could plant any other number of devices/bugs or extract information.

molticrystal6y ago

Once you are at physical access, you can go to town. Optical surveillance and even recording the sound of the keys being stroked to calibrate[0] an acoustic cryptoanalysis algorithm.[1]

[0] https://www.schneier.com/blog/archives/2005/09/snooping_on_t... [new algorithms require less time]

[1]https://en.wikipedia.org/wiki/Acoustic_cryptanalysis

DEADBEEFC0FFEE6y ago

j / k navigate · click thread line to collapse