
Logitech keyboards and mice vulnerable to extensive cyber attacks - jhoh
https://www.heise.de/ct/artikel/Logitech-keyboards-and-mice-vulnerable-to-extensive-cyber-attacks-4464533.html
======
rasz
> CVE-2019-13053, an attacker can inject any keyboard input into the encrypted
> radio traffic of the Unifying keyboards without knowing the crypto key used.
> To do this, the attacker only needs to have temporary access to the keyboard
> in order to press some keys.

or you know, ask the nice bank lady to type this "magic key combination" for
you. Yes darling my name is little bobby tables.

>CVE-2019-13052 is not being addressed either. The attacker can decrypt the
encrypted communication between the input devices if he has recorded the
pairing process.

Oh dear, did the keyboard I am currently jamming stopped working? I have same
model! my son/nephew told me you need to pair them. Ill just sit here
patiently while you do that.

~~~
jbob2000
> CVE-2019-13053

Is there a word for this type of exploit: I wrap a bicycle in wrapping paper.
You don't need to take off the wrapping paper to know that what it covered was
a bike.

That's pretty much what this exploit is, no? You press a key on a keyboard, it
sends a radio signal. If I know what key you pressed, I can associate that key
press with the "shape" of the signal.

~~~
rasz
known plaintext attack

------
Sahhaese
This is actually interesting from the perspective of fairness in e-sports.
It's been rumoured that professional players could "cheat on LAN" by side-
loading cheat software through modified hardware supplying custom 'drivers'.

If the hardware itself has vulnerabilities it could be used to mask the cheat
loading and make it harder for the host PCs to detect if any of that side-
loading is happening.

------
tatersolid
Anybody know of secure alternatives?

It seems these wireless keyboards are all made as cheaply as possible.
Microsoft advertises "AES security" for their wireless keyboards and mice,
with a pre-paried USB dongle. But since they run on 27 MHz via a custom USB
dongle I assume it's a proprietary protocol (and therefore likely quite
insecure). Bluetooth might be a bit better but still has limited range for
conference-room use.

------
blinky1456
Requiring physical access to the keyboard by the attacker first, makes this
less impactful.

With physical access the they keyboard/computer, they could plant any other
number of devices/bugs or extract information.

~~~
molticrystal
Once you are at physical access, you can go to town. Optical surveillance and
even recording the sound of the keys being stroked to calibrate[0] an acoustic
cryptoanalysis algorithm.[1]

[0]
[https://www.schneier.com/blog/archives/2005/09/snooping_on_t...](https://www.schneier.com/blog/archives/2005/09/snooping_on_tex.html)
[new algorithms require less time]

[1][https://en.wikipedia.org/wiki/Acoustic_cryptanalysis](https://en.wikipedia.org/wiki/Acoustic_cryptanalysis)

