Security expert Marcus Mengs has found a security breach in Logitech mouse and keyboards. Certain models that are connected wirelessly to the computer via a USB receiver are at risk. The error allows the attacker to keep a record of the keys pressed by the user on the keyboard for example, although he can also send his own commands to the computer to infect it with malware. According to Heise, the company has confirmed the gap found by Marcus Mengs.

How the attack works?

To understand the attack, you need to understand the wireless technology used by Logitech. This is Unifying, a wireless standard that allows multiple input devices to operate with a single USB receiver connected to the computer. These receivers are usually identified by a small orange star drawn on the USB.

Through a security hole in Unifying the attacker can create a backdoor to inject malicious software into the computer or simply get information. All remotely using Logitech wireless technology. In fact not only does it use this technology to infiltrate the system, but it can follow continuous communication via the back door. They are usually used only to carry out the attack and then the data is obtained or controlled via the local network/Internet.

While the security hole is severe, performing the attack is more complicated than it seems. To infiltrate the computer the attacker needs to have temporary access to the keyboard to press a series of keys with which to record the radio traffic used for the attack. In other words, physical presence is required to carry out the first attack.

Who is affected by vulnerability and what can be done?

​ 

As we've seen, the vulnerability affects Logitech devices that use Unifying wireless technology. It is a technology used since 2009 and compatible with most wireless keyboards and mouse from the manufacturer. Unifying is used in both economy and high-end models. If the USB receiver connected to the computer has an orange star, it means that it is Unifying.

For now, the only thing the user can do to improve their security is to upgrade the firmware on the Logitech peripheral to the latest version. This is done with the Logitech SecureDFU firmware update tool. The latest firmware versions available are: 012.008.00030, 012.009.00030, 024.006.00030 and 024.007.00030 On the other hand, with Unifyng Software you can check .

Which version is currently installed

Updating the firmware to the latest version does not guarantee that an attack cannot occur. It's going to be hard for Logitech to completely solve the software problem, because it would mean breaking the compatibility of dozens of products with the Unifying standard. Logitech recommends "keeping your computer (with a USB receiver) where strangers can't physically access or manipulate it.

	Extensive Product Selection ● Over 300,000 products ● 20 different categories ● 15 local warehosues ● Multiple top brands		Convenient Payment ● Global payment options: Visa, MasterCard, American Express ● PayPal, Western Union and bank transfer are accepted ● Boleto Bancario via Ebanx (for Brazil)
	Prompt Shipping ● Unregistered air mail ● Registered air mail ● Priority line ● Expedited shipping		Dedicated After-sales Service ● 45 day money back guarantee ● 365 day free repair warranty ● 7 day Dead on Arrival guarantee (DOA)