Tag Archive for Keyboard

Fix Your Dongle – Today

If you use a Logitech (LOGI) wireless mouse, keyboard, or other device, fix your dongle! The Logitech wireless dongle (officially the Unifying Receiver) is vulnerable to an issue discovered in 2016, as well as to newly discovered vulnerabilities, unless you’ve updated the firmware. Download and install the latest firmware update to protect against these vulnerabilities.

Mousejack attack

Affected Logitech wireless devices are vulnerable to a hack called “Mousejack.” Mousejack (CVE-2016-10761) was first reported in 2016 by IoT security firm Bastille Networks, Inc. The Mousejack attack works by sending malicious radio signals (packets) wirelessly to an unsuspecting user through Logitech Unifying wireless technology. Logitech only partially fixed the hole (CERT VU#981271) in 2016. Mousejack uses the vulnerable Logitech Unifying receiver to intercept and inject unencrypted signals within a range of about 100 meters.

Incomplete fix

Logitech did not recall the Unifying Receiver back in 2016 when Mousejack appeared. Four new vulnerabilities were discovered in 2019. The new vulnerabilities are based on the incomplete 2016 fix. Logitech will only fix two of the four vulnerabilities; the others will remain unpatched. The vulnerabilities are logged as:

Logitech will not fix the holes identified in CVE-2019-13052 or CVE-2019-13053, both of which impact all Logitech Unifying devices. A Logitech representative told the Verge:

Logitech evaluated the risk to businesses and to consumers and did not initiate a recall of products or components already in the market and supply chain.

Logitech plans to patch the security flaws in CVE-2019-13054 (impacts Logitech R500, Logitech SPOTLIGHT) and CVE-2019-13055, which affects all encrypted Unifying devices with keyboard capabilities.

All Logitech USB dongles

Marcus Mengs, the researcher who discovered these vulnerabilities, told ZDNet the vulnerabilities impact all Logitech USB dongles that use the company’s proprietary “Unifying” 2.4 GHz radio technology to communicate with wireless devices.

Unifying is a Logitech standard dongle radio technology, and has been shipping with a wide range of Logitech wireless gear since 2009. The dongles are often found with the company’s wireless keyboards, mice, presentation clickers, trackballs, and more.

  • Sniff keyboard traffic,
  • Inject keystrokes (even into dongles not connected to a wireless keyboard)
  • Take over the computer to which a dongle has been connected.
  • Steal the encryption key between the dongle and its paired device
  • Bypass a “key blacklist” designed to prevent the paired device from injecting keystrokes

Bastille Networks

Techsupportalert.com reports that many of the vulnerable dongles are still on the market even though Logitech started releasing updated dongles sold with mice, keyboards, and stand-alone receivers.

Hard to find firmware update

Not long after the discovery, Techsupportalert.com says, Logitech issued a firmware update, but it was hard to find on the support site and wasn’t widely known. If you didn’t update the firmware then (and most of us didn’t know about it), now is an excellent time to update.

Even if you installed the Logitech drivers and configuration app that came with the device, you are not protected. The required firmware update is not included; it must be downloaded and installed separately.

Give credit to Logitech: their firmware can be updated, whereas other manufacturers’ wireless dongles cannot. This includes products from Microsoft, Dell (DELL), HP (HPQ), and Lenovo (LNVGY). In fact, any device that uses the same Nordic Semiconductor or Texas Instruments (TXN) chips and firmware for wireless receivers is vulnerable. The NordicRF nRF chip is common in non-Bluetooth wireless input devices such as keyboards, mice, and presentation tools.

If you use a wireless device from Logitech or the Lenovo 500 devices, Bastille recommends you update your firmware. Any other non-Bluetooth wireless devices should be disconnected and you should contact your vendor and ask what models are not vulnerable before you replace your current gear.

Lenovo’s announcement is here.

Logitech’s announcement is here.

Here are the direct download links to the Logitech Unifying Receiver firmware update for PC, Mac, and the gaming mouse:

  • Logitech PC firmware update (zip)
  • Logitech Mac firmware update (zip)
  • Logitech G900 gaming mouse firmware update (zip)

rb-

You probably have an affected device on your network. Logitech has sold well over a billion mice. Users can recognize a vulnerable dongle by the orange star printed on one of its sides.

If you have any extra Logitech wireless dongles around (I have several), you may want to update them.

You should also check back in with Logitech support to see if the promised additional fixes will be forthcoming in August 2019.


Ralph Bach has been in IT long enough to know better and has blogged from his Bach Seat about IT, careers, and anything else that catches his attention since 2005. You can follow him on LinkedIn, Facebook, and Twitter. Email the Bach Seat here.

Keyboard Viruses

Computer keyboards are so dirty they could cause symptoms of food poisoning and other illnesses, according to an article on InfoWeek. British researchers for Which? Computing say that your computer keyboard is filthier than toilets. The site had a microbiologist compare germs on 33 office keyboards to toilets and bathroom door handles and found the keyboards contained the most bacteria.

The keyboards were so dirty, they could cause symptoms of food poisoning and other illnesses, according to the article. One keyboard had 150 times the recommended limits on bacteria and was five times as dirty as one of the toilet seats. The magazine said that office workers who fail to wash their hands after using the bathroom and those who eat lunch at their desks are likely to blame for the dirty keyboards. Half the people surveyed said they clean their keyboards less than once a month. Ten percent said they never clean their keyboards, and 20% said they never clean their mouse.

Another survey by the University of Arizona’s Dr. Charles Gerba contained similar findings. He found that women’s makeup, phones, pocketbooks, hand lotion bottles, keyboards, desk drawers, and mice had the most germs. Men’s wallets, handheld devices, and phones topped the male list. That study found that women’s desks contained, on average, seven times more germs than men’s desks. Gerba, whose study was backed by Clorox, recommended frequent hand washing and the use of disinfectant wipes. The British report recommends turning off computers, shaking out food crumbs, using a damp cloth to wipe surfaces, and following up by disinfecting with alcohol wipes.


Keyboard Crud Fingers Suspects

Researchers have developed a new technique to identify individuals by the hand bacteria they leave behind on their personal computer keyboards and mice. Researchers at the University of Colorado (CU) at Boulder have shown that the “personal” bacterial communities living on the fingers and palms of individual computer users, once deposited on keyboards and mice, closely matched the bacterial DNA signatures of those users.

The development of the technique is continuing, but it could offer a way for forensics experts to independently confirm the accuracy of DNA and fingerprint analyses, says CU-Boulder Assistant Professor Noah Fierer, chief author of the study. “Each one of us leaves a unique trail of bugs behind as we travel through our daily lives,” said Fierer, an assistant professor in CU-Boulder’s ecology and evolutionary biology department, “… we think the technique could eventually become a valuable new item in the toolbox of forensic scientists.”

The team used gene-sequencing techniques to match bacterial DNA swabbed from individual keys on computers to bacteria on the fingertips of keyboard owners. Fierer said in the article that bacterial DNA from the keys matched much more closely to bacteria of keyboard owners than to bacterial samples taken from random fingertips and from other keyboards. In a second test, the team swabbed nine computer mice that had not been touched in more than 12 hours and collected palm bacteria from the mouse owners. The researchers were able to successfully match the owner’s palm bacteria and the owner’s mouse from a group of 270 randomly selected samples.

The study showed the new technique is about 70 to 90 percent accurate, a percentage that likely will rise as the technology becomes more sophisticated, said Fierer. The CU-Boulder team used a “metagenomic” survey to simultaneously analyze all the bacteria on the fingers, palms, and computer equipment, said co-author Rob Knight. The effort involved isolating and amplifying tiny bits of microbial DNA, then building complementary DNA strands with a high-powered sequencing machine that allowed the team to identify different families, genera, and species of bacteria from the sample.

Another reason the new technique may prove valuable to forensic experts is that unless there is blood, tissue, semen, or saliva on an object, it’s often difficult to obtain sufficient human DNA for forensic identification, said Fierer. But given the abundance of bacterial cells on the skin surface, it may be easier to recover bacterial DNA than human DNA from touched surfaces, they said. “Our technique could provide another independent line of evidence.”

Once further research is completed, Fierer says the new technique may be useful for linking objects to users in cases where clear fingerprints cannot be obtained – from smudged surfaces, fabrics and highly textured materials, he said. The new technique would even be useful for identifying objects touched by identical twins, since they share identical DNA but have different bacterial communities on their hands.

The study was published March 15, 2010, in the Proceedings of the National Academy of Sciences. Co-authors included Christian Lauber and Nick Zhou of CU-Boulder’s Cooperative Institute for Research in Environmental Sciences, Daniel McDonald of CU-Boulder’s department of chemistry and biochemistry, Stanford University Postdoctoral Researcher Elizabeth Costello, and CU-Boulder chemistry and biochemistry Assistant Professor Rob Knight.

rb-

Fierer states that this new technique brings up bioethical issues to consider, including privacy. “While there are legal restrictions on the use of DNA and fingerprints, which are ‘personally identifying’, there currently are no restrictions on the use of human-associated bacteria to identify individuals,” he said. “This is an issue we think needs to be considered.”

It would be my recommendation that firms get ahead of this issue and review their employee privacy policies to deter the “expectation of privacy” until the courts decide if bacteria growing outside of an individual is eligible to be classified as “personally identifiable information” (PII).

 


New Network Monitoring Tool

There is now a reason for the three LEDs on your keyboard: you know, the number lock, caps lock, and scroll lock lights. Network Lights, an app by IT Samples, resurrects these dinosaurs from a long-ago era and makes them blink in time with outgoing and incoming network packets on your PC’s network interface.

To recover some functionality of these throwbacks, just download, extract, and run the executable. You will see a new system tray icon to customize program settings. It does not seem to work really well on notebooks, but it does apparently work on Win7.

This utility is released as freeware and is provided by the publisher “AS IS” without any warranty. Only you will be liable for any special, incidental, consequential, or indirect damages due to loss of data or any other reason. If you encounter a problem while running this utility or you have any suggestions or comments, you can send a message to support (at) itsamples.com.

 
