Logitech keyboards and mice vulnerable to extensive cyber attacks
heise.de> CVE-2019-13053, an attacker can inject any keyboard input into the encrypted radio traffic of the Unifying keyboards without knowing the crypto key used. To do this, the attacker only needs to have temporary access to the keyboard in order to press some keys.
or you know, ask the nice bank lady to type this "magic key combination" for you. Yes darling my name is little bobby tables.
>CVE-2019-13052 is not being addressed either. The attacker can decrypt the encrypted communication between the input devices if he has recorded the pairing process.
Oh dear, did the keyboard I am currently jamming stopped working? I have same model! my son/nephew told me you need to pair them. Ill just sit here patiently while you do that.
> ask the nice bank lady to type this "magic key combination" for you
If the keys being pressed are not necessary to be specific keys, then you can probably sniff the keypresses from the person ahead of you in the teller's line.
In fact the article makes that sort of clear:
> Alternatively, the hacker could simply observe for a few seconds what the user is typing.
Banks probably still have enough regulation and anti-TEMPEST fear to NOT be using wireless logitech gear though... Well, maybe.
> CVE-2019-13053
Is there a word for this type of exploit: I wrap a bicycle in wrapping paper. You don't need to take off the wrapping paper to know that what it covered was a bike.
That's pretty much what this exploit is, no? You press a key on a keyboard, it sends a radio signal. If I know what key you pressed, I can associate that key press with the "shape" of the signal.
known plaintext attack
This is actually interesting from the perspective of fairness in e-sports. It's been rumoured that professional players could "cheat on LAN" by side-loading cheat software through modified hardware supplying custom 'drivers'.
If the hardware itself has vulnerabilities it could be used to mask the cheat loading and make it harder for the host PCs to detect if any of that side-loading is happening.
Anybody know of secure alternatives?
It seems these wireless keyboards are all made as cheaply as possible. Microsoft advertises "AES security" for their wireless keyboards and mice, with a pre-paried USB dongle. But since they run on 27 MHz via a custom USB dongle I assume it's a proprietary protocol (and therefore likely quite insecure). Bluetooth might be a bit better but still has limited range for conference-room use.
Requiring physical access to the keyboard by the attacker first, makes this less impactful.
With physical access the they keyboard/computer, they could plant any other number of devices/bugs or extract information.
Once you are at physical access, you can go to town. Optical surveillance and even recording the sound of the keys being stroked to calibrate[0] an acoustic cryptoanalysis algorithm.[1]
[0] https://www.schneier.com/blog/archives/2005/09/snooping_on_t... [new algorithms require less time]
Physical access road wireless keyboard, even if the system is physically secured is different. Typing some characters and recording the traffic, on a logged out computer, that totally possible and a lot less suspicious.