There are security vulnerabilities in several Logitech keyboards, mice and wireless presenters. An attacker can both eavesdrop on keystrokes and infect the computer. c’t tells you which products are affected and what you should do now.
Many Logitech wireless input devices are vulnerable to wireless attacks and can pose a security risk. This is the conclusion of security expert Marcus Mengs, with whom c’t has been in contact for quite some time. Mengs has investigated the wireless connections of several Logitech devices and found numerous weaknesses. They affect keyboards, mice as well as wireless presenters.
The vulnerabilities allow the attacker to eavesdrop on keystrokes and record typed mails, passwords and so on. The attacker can also become active himself and send his own key commands to his victim’s computer. And that’s no less dangerous, because it makes it easy to infect the computer with malicious code.
Mengs demonstrates how to infect a system with a backdoor (remote shell) through which he can control the system remotely by radio. The fact that Mengs uses Logitech radio not only to infect the system but also to communicate with the backdoor is particularly piquant. An attacker can thus also access computers that are not connected to a network.