Dongle | Bach Seat

Tag Archive for Dongle

RB | November 7, 2020

Comments Off

Why Do We Call Them Dongles

If you remember the days before digital rights management (DRM) you also remember having to connect a piece of hardware to your PC to make a piece of software work. The hardware required to activate your software was commonly referred to as a ‘Smart Key.’ Smart keys or dongles are plugged into a computer port and controlled your access to one or more software applications – early copyright protection.

The first time I ran into a “smart key” was setting up an Avid video editing system on a fancy new PowerMac G3 back in the day. More recently I saw techs struggle to set up a way to use a “not so smart key” in a high availability VM environment. “Dongle” now refers to “any small module that plugs in and sticks out of a socket.” But why are these things commonly call dongles and where did the weird word actually come from? That’s a matter of debate — The Atlantic dangles several promising origin stories.

Dongle origin stories

A Poetic Origin – The oldest theory is that dongle came, from the literary world. The article explains that the word “dongle” has been frequently used in poetry, as an onomatopoeic term for the ringing of bells (as in “ding-dong”). As an example, this 1915 poem, “The Bells of Berlin”:

ding-dong"

The Bells of Berlin, how they hearten the Hun
(Oh dingle dong dangle ling dongle ding dee);
No matter what devil’s own work has been done
They chime a loud chant of approval, each one,
Till the people feel sure of their place in the sun
(Oh dangle ding dongle dong dingle ding dee).

Ummmm – Does that ring a bell with anybody?

A College Entrance Exam – If the poetry idea does not ring true for you – the author offers another theory. They found a claim by Ian Kemmish in a chat about the etymology of “dongle” has its roots in a logic question in a Cambridge college entrance exam.

The first time I saw the word was … in 1976 … It was a “logic” question. The question described a mythical computer with various controls … described various combinations of control actions and their outcomes (‘the babbocks break’, ‘the dongles droop’ etc) … ‘dongle’ was coined by someone who had taken that paper … remembered the word used to describe something on a computer that drooped….

Well – Does that origin story make the grade?

Another UK theory – The University of Pennsylvania’s language log says the word ‘dongle’ emerged around 1980. They base the claim on the U.K. magazine MicroComputer Printout’s report that dongle, “has been appearing in many articles with reference to security systems for computer software.”

A Madison Avenue Invention – If U.K. origins don’t work – the article tries to sell you another one. The word “dongle” appears in a 1992 ad for the information-security company Rainbow Technologies (SafeNet >> Thales), in Byte Magazine. The ad claimed that “dongle” was a derivation of its inventor, Mr. “Don Gall.” This was untrue, Ben Zimmer on the NYT notes, that the story, “was so egregiously false that the company happily owned up to it as a marketing ploy when pressed …”

A Corruption of the Word “Dangle”- According to P.B. Schneck in the 1999 IEEE paper Persistent access control to prevent piracy of digital information “… the word may be a corruption of ‘dangle,’ … given the shape of most dongles … though it doesn’t directly explain the shift in vowels form “a” to “o.”

It is Magic – The Atlantic seems to give up and attributed the origin of “dongle” to an unknown neologizer. They conclude that “dongle” just sprung up from the minds of some unknown figure in a process of “de novo creation.” One expert blames the phenomena of phonesthesia, or sound symbolism. He believes dongle, ” … appeared out of the blue in recent decades — among them bling, bonkers, bungee, dweeb, glitzy, gunk, and wonk.”

rb-

Despite not knowing why we call them dongles – dongles are still with us.

Want to connect your laptop to a television? You’ll need a dongle.

Want to track your dog’s activity? Buy a dongle.

Trying Chromecast? You’ll also be dongling.

They are still causing much frustration and controversy.

The ultimate solution to the HA VM dongle problems was to and replace the application – In the interim, they used a Digi usb anywhere device to get more than one VM to connect to the Digi device.

Stay safe out there!

Related article

Donglevision (Tedium)

Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Category: Uncategorized | Tags: 2020, Avid, Bells, Dongle, DRM, Hardware, HDCP, HDMI, Security

RB | July 26, 2019

Comments Off

Fix Your Dongle – Today

If you use a Logitech (LOGI) wireless mouse, keyboard or other device fix your dongle! The Logitech wireless dongle (officially Unifying Receiver) is vulnerable to an issue discovered in 2016 as well as newly discovered vulnerabilities unless you’ve updated the firmware. Download and install the latest firmware update to protect against vulnerabilities.

Mousejack attach

Affected Logitech wireless devices are vulnerable to a hack called “Mousejack.” Mousejack, (CVE-2016-10761) was first reported in 2016 by IoT security firm Bastille Networks, Inc. The Mousejack attach works by sending malicious radio signals (packets) wirelessly to an unsuspecting user through Logitech Unifying wireless technology. Logitech only partially fixed the hole (Cert VU#981271) in 2016. Mousejack uses the vulnerable Logitech Unifying receiver to intercept and inject unencrypted signals within a range of about 100 meters.

Incomplete fix

Logitech did not recall the Unifying Receiver back in 2016 when Mousejack appeared. Four new vulnerabilities were discovered in 2019. The new vulnerabilities are based on the incomplete 2016 fix. Logitech will only fix two of the four vulnerabilities, the others will remain unpatched. The vulnerabilities are logged as:

Logitech will not fix the holes identified in CVE-2019-13052 or CVE-2019-13053, both of which impact all Logitech Unifying devices. A Logitech representative told the Verge:

Logitech evaluated the risk to businesses and to consumers and did not initiate a recall of products or components already in the market and supply chain.

Logitech plans to patch the security flaws in CVE-2019-13054 (impacts Logitech R500, Logitech SPOTLIGHT) and CVE-2019-13055 which affects all encrypted Unifying devices with keyboard capabilities.

All Logitech USB dongles

Marcus Mengs, the researcher who discovered these vulnerabilities, told ZDNet the vulnerabilities impact all Logitech USB dongles that use the company’s proprietary “Unifying” 2.4 GHz radio technology to communicate with wireless devices.

Unifying is a Logitech standard dongle radio technology, and has been shipping with a wide range of Logitech wireless gear since 2009. The dongles are often found with the company’s wireless keyboards, mice, presentation clickers, trackballs, and more.

According to numerous sites, the vulnerabilities allow attackers to:

Sniff keyboard traffic,
Inject keystrokes (even into dongles not connected to a wireless keyboard)
Take over the computer to which a dongle has been connected.
Steal the encryption key between the dongle and its paired device
Bypass a “key blacklist” designed to prevent the paired device from injecting keystrokes

Bastille Networks

Techsupportalert.com reports that many of the vulnerable dongles are still on the market even though Logitech started releasing updated dongles sold with mice, keyboards, and stand-alone receivers.

Hard to find firmware update

Not long after the discovery, Techsupportalert.com, says Logitech issued a firmware update but it was hard to find on the support site and wasn’t widely known. If you didn’t update the firmware then (and most of us didn’t know about it) now is an excellent time to update.

Even if you installed the Logitech drivers and configuration app that came with the device, you are not protected. The required firmware update is not included, it must be downloaded and installed separately.

Give credit to Logitech, their firmware can be updated, where other manufacturer’s wireless dongles cannot be updated. This includes products from Microsoft, Dell (DELL, HP (HPQ), and Lenovo (LNVGY). In fact, any device that uses the same Nordic Semiconductor or Texas Instruments (TXN) chips and firmware for wireless receivers is vulnerable. The NordicRF nRF chip is a common chip used in wireless keyboards, mice, and presentation tools, which are frequently found in non-Bluetooth wireless input devices.

If you use a wireless device from Logitech or the Lenovo 500 devices, Bastille recommends you update your firmware. Any other non-Bluetooth wireless devices should be disconnected and you should contact your vendor and ask what models are not vulnerable before you replace your current gear.

Lenovo’s announcement is here.

Logitech’s announcement is here.

Here are the direct download links to the Logitech Unifying Receiver firmware update for PC, Mac, and the gaming mouse:

Logitech PC firmware update (zip)
Logitech Mac firmware update (zip)
Logitech G900 gaming mouse firmware update (zip)

rb-

You probably have an affected device on your network. Logitech has sold well over a billion mice. Users can recognize if they’re using a vulnerable dongle if it has an orange star printed on one of its sides.

If you have any extra Logitech wireless dongles around (I have several) you may want to update them.

You should also check back in with Logitech support, to see if the promised additional fixes will be forthcoming in August 2019.

Academics steal data from air-gapped systems via a keyboard’s LEDs (ZDNet)

Category: Uncategorized | Tags: 2.4 GHz, 2019, Dongle, Hack, Keyboard, LOGI, Logitech, Moue, Mousejack, Nordic Semiconductor, presentation clickers, Security, Texas Instruments, trackballs, TXN, Vulnerabilities, Wireless

S	M	T	W	T	F	S
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Bach Seat