"With the stolen key, the attacker is able to inject arbitrary keystrokes (active), as well as to eavesdrop and live decrypt keyboard input remotely (passive)," added the researcher. The two flaws that will not be fixed according to Logitech, CVE-2019-13052 and CVE-2019-13053, also require attackers to have physical access and both of them impact all Logitech Unifying devices.Įxploiting the CVE-2019-13052 vulnerability will enable attackers to "passively obtain Logitech Unifying link encryption keys by capture of pairing" between the receiver and the Logitech wireless device as detailed by Mengs. RF injection with bypass of alpha key blacklisting (could be done as often as needed, once AES key is dumped) /yQTUCTVTdj Fix 2: Check NBA 2K server status Server maintenance and other related issues can. steal AES key (undisclosed vulnerability, one time physical access) Keystroke injection into encrypted R500 presentation clicker While the researcher says that the attacks are limited by the fact that "the receiver of affected presentation remotes filters out some keys, like A to Z," according to the NVD advisory, "on Windows, any text may be injected by using ALT+NUMPAD input to bypass the restriction on the characters A through Z." Logitech Unifying vulnerability - extracting AES keys of all paired devices from a (fully patched dongle) in less than a second, followed by live RF sniffing and decryption.ĭetails in following tweets /IoDue4cqJhĪ video demo of a CVE-2019-13054 attack is also provided by Mengs, showing how a Logitech R500 presentation clicker makes it possible for attackers to discover the AES key, allowing them to launch a keystroke injection attack.
"Additionally, there is no need to discover the device "on air" to carry out a keystroke injection attack, as the address is pre-known from the extraction (targeted attack possible, the actual device doesn't have to be in range - only the receiver)."
This applies to all encrypted Unifying devices with keyboard capabilities (f.e. 0 Comments Anonymous SOURCE: The RF modulator probably had a red, white, yellow trio of RCA jacks (A/V jacks), a coax jack marked antenna and another coax jack marked TV Putting the DVD output to the A/V jacks allowed it to play out to the TV, which couldnt otherwise accept the DVD player. "With the stolen key, the attacker is able to inject arbitrary keystrokes (active), as well as to eavesdrop and live decrypt keyboard input remotely (passive).
The CVE-2019-13054 (impacts Logitech R500, Logitech SPOTLIGHT) and CVE-2019-13055 (affects all encrypted Unifying devices with keyboard capabilities) security flaws that Logitech plans to patch allow attackers with physical access to the targeted machine to "actively obtain link encryption keys by dumping them from receiver of Unifying devices."Įxploiting CVE-2019-13055 was demonstrated by Mengs in a demo attack against a Logitech K360 keyboard through which he was able to dump AES keys and addresses from all paired devices, subsequently allowing for eavesdropping on and decrypting of Radio Frequency (RF) transmissions in real-time.