muesliJul 8, 2019

Logitech keyboards and mice vulnerable to eavesdropping and remote attacks:

https://www.heise.de/ct/artikel/Logitech-keyboards-and-mice-vulnerable-to-extensive-cyber-attacks-4464533.html

Logitech keyboards and mice vulnerable to extensive cyber attacks

There are security vulnerabilities in several Logitech keyboards, mice and wireless presenters. An attacker can both eavesdrop on keystrokes and infect the computer. c't tells you which products are affected and what you should do now.

Show threadMans RJul 8, 2019
@fribbledom If I only have a mouse, is it still possible to make it impersonate a keyboard?
Show threadMans RJul 9, 2019
@fribbledom Under Linux, the "unifying receiver" shows up as multiple input devices: Keyboard, Mouse, Consumer Control, and System Control. The mouse device reports only motion and button events. If only the mouse device is used by applications, one would think they might be shielded from injected keypress events. Or if not, modifying the kernel driver to discard non-mouse input from the receiver should be easy enough.
Show threadmuesli

@mansr

Sure, that doesn't mean it can automatically be exploited by sending some magic command to the mouse, though.

You're right though, it should be fairly trivial to block it in the kernel.

Jul 9, 2019 at 7:21pmWeb