Logitech Wireless Keyboards, Mice Vulnerable to Hijacking Flaws, Company Won’t Patch All: Report

Logitech is leaving at least two vulnerabilities unpatched as fixes would likely impact device functionality.

Advertisement
By Gaurav Shukla | Updated: 9 July 2019 18:41 IST
Highlights
  • All Logitech USB receivers with Unifying radio tech are affected
  • The company has been using Unifying radio tech since 2009
  • Logitech recommends keeping USB receivers and connected machines safe
Logitech Wireless Keyboards, Mice Vulnerable to Hijacking Flaws, Company Won’t Patch All: Report

Logitech will release fixes for two vulnerabilities in August this year

A security researcher has found vulnerabilities in the USB receivers used by Logitech wireless keyboards, mice, and presentation clickers. These vulnerabilities can allow a malicious party to not only eavesdrop on keystrokes, but also inject their own keystrokes, letting them effectively take over the computer connected to the USB receiver. According to an online report, all Logitech wireless input devices using Unifying radio technology are affected by the vulnerabilities. The company has been shipping products using Unifying radio technology since 2009.

According to a report in German publication c't, security expert Marcus Mengs identified the Logitech vulnerabilities and he has been working with the company to get them patched. However, it seems company will not be patching all the issues, just some of them, as patching all would likely impact the compatibility between devices using Unifying radio technology.

Logitech uses Unifying radio technology in a number of products, ranging from entry-level devices to high-end models. The technology allows up to six compatible input devices to be used with a single Unified receiver. The affected USB receivers can be easily identified by looking for a small orange star logo.

c't writes that there are two key vulnerabilities that Logitech doesn't plan to fix - CVE-2019-13053 and CVE-2019-13052. While the CVE-2019-13053 vulnerability lets an attacker to inject any chosen keyboard input into the encrypted radio traffic without knowing the cryptographic key used, the CVE-2019-13052 flaw can allow an attacker to decrypt the encrypted communication between the input devices and the host computer, if they have recorded the pairing between input device and host computer.

Advertisement

Logitech does plan to patch CVE-2019-13055 and CVE-2019-13054 vulnerabilities in a fix that will be released in August. Both vulnerabilities allow an attacker to extract the cryptographic key used by the USB receiver, thereby giving them access to connection.

For other vulnerabilities that the company doesn't plan to patch, it recommends “a computer (with a USB receiver) should always be kept where strangers cannot physically access or manipulate it. In addition, users should take common security measures to make it more difficult for others to access it."

 
Post your comments

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Further reading: Logitech, Unifying Radio Technology
Thousands of Android Apps Are Tracking You, With or Without Your Permission: Study
Airtel Rs. 97 Prepaid Recharge Plan Relaunched to Offer 2GB Data, Unlimited Calls for 14 Days
Advertisement

Related Stories

Logitech G Pro X Superlight 2 Dex, Pro 2 Lightspeed Gaming Mice and Pro X TKL Rapid Keyboard Launched in India
6 November 2024
Logitech M196 Wireless Mouse With Up to 12 Months Battery Life Launched in India: Price, Specifications
23 October 2024
Logitech POP Icon Keys Keyboard and POP Mouse Launched in India: Price, Features
9 October 2024
White House Partners With Amazon, Google and Best Buy for Cybersecurity Labeling Initiative for Smart Devices
19 July 2023
Amazon Prime Day 2023 Sale: From Controllers to Keyboards, Best Deals on Gaming Accessories
16 July 2023

Tech News in Hindi »

More Technology News in Hindi »
Popular on Gadgets
Latest Gadgets
Popular Mobile Brands
#Trending Stories
  1. Samsung Galaxy A26 Review
  2. Lava Bold N1, Lava Bold N1 Pro India Pricing, Specifications Teased
  3. Xiaomi Pad 7 Ultra With XRING 01 SoC and 12,000mAh Battery Launched
  4. Xiaomi 15S Pro With With In-House XRING 01 SoC, 6,100mAh Battery Launched
  5. Vijay Sales Apple Days Sale Brings Discounts on These iPhone, Mac Models
  6. Honor 400 Series With 200-Megapixel Main Camera Debuts
  7. Vibe Coding Platform v0 Is Now Releasing a Web-Dev AI Model
#Latest Stories
  1. Trump Threatens 25 Percent Tariffs on Apple If iPhones Not Made in US
  2. iPhone 16 Pro Max, iPhone 15, MacBook Air (M4) and More Get Discounts During Vijay Sales Apple Days Sale
  3. Anthropic CEO Dario Amodei Says AI Models Hallucinate Less Than Humans: Report
  4. UK Government Updates Crypto Reporting Guidelines, Mandates Collection of Crypto Transaction Data
  5. Acer Swift Neo WIth Intel Core Ultra 5, Up to 32GB RAM Launched in India: Price, Specifications
  6. Elden Ring Film Adaptation in the Works at A24 With Alex Garland Set to Direct
  7. Noise Buds F1 TWS Earbuds With IPX5 Rating, Up to 50-Hour Total Playback Time Launched in India
  8. News Media Alliance Issues Statement on Google’s AI Mode, Calls It ‘Definition of Theft’
  9. Honor Pad 10 With Snapdragon 7 Gen 3 SoC, 10,100mAh Battery Launched: Price, Specifications
  10. Lava Bold N1, Lava Bold N1 Pro India Launch Teased; Pricing, Specifications Revealed
Gadgets 360 is available in
Follow Us
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.