Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Comments Off on Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Updates 'Options' Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Options, the app that is designed to enable customisation of Logitech mice, keyboards, or touchpads, has now received a security patch. The patch essentially fixes a security flaw that was allowing attackers to inject arbitrary keystrokes and send system commands – all through gaining remote access. Google’s Project Zero security team intimated the Logitech team about the bug back in September. However, Logitech released Options 7.00.564 on Friday to ultimately address security concerns. A Google security researcher had already detailed the flaw in a bug report, before the patch arrived, thanks to the 90 days deadline expiring.

Google security researcher Tavis Ormandy in his bug report states that the Logitech Options was opening a WebSocket server on systems on which it’s installed without any origin checking process. That made the app vulnerable to keystroke injection attacks. “The only ‘authentication’ is that you have to provide a PID [process ID] of a process owned by your user, but you get unlimited guesses so you can bruteforce it in microseconds,” explained Ormandy in the report.

“After that, you can send commands and options, configure the ‘crown’ to send arbitrary keystrokes, etc, etc.”

Alongside raising the bug report, Ormandy personally reported the issue to the Logitech engineers in mid-September. Logitech acknowledged the flaw soon upon receiving its report. However, the company took over three months to bring its patch – more than Google Project Zero’s 90-day deadline for public disclosure. It did bring an updated Options app on October 1, but that update didn’t include any fixes for the reported security issues, as the security researcher wrote in a comment to his bug report on the Chromium site.

“This now past deadline, so making public,” said Ormandy. “I would recommend disabling Logitech Options until an update is available.”

Soon after the bug report became public, it gained some attention among security researchers and finally pushed Logitech to release the patch.

“The release of Logitech Options 7.00, which addresses Origin checks and type checking, is now live and can be downloaded for Windows and Mac,” Logitech tweeted on Friday to confirm the fix.

You can download the updated Options app on your PC to start customising your Logitech mouse, keyboard, or touchpad. The app supports devices such as MX Vertical, MX Ergo, MX Anywhere 2S, K600 TV Keyboard, MK850 Performance, MK540 Advanced, and MX900 Performance Combo for customisations.

admin

Related Posts

HP Envy x360 With AMD Ryzen Processor Launched in India; New Notebooks, Desktop Also Launched

Comments Off on HP Envy x360 With AMD Ryzen Processor Launched in India; New Notebooks, Desktop Also Launched

MSI GS75 Stealth, MSI PS63 Modern Laptops Announced at CES 2019

Comments Off on MSI GS75 Stealth, MSI PS63 Modern Laptops Announced at CES 2019

HP Omen 15 Gaming Laptop, Spectre x360 15 With OLED Display Launched at CES 2019

Comments Off on HP Omen 15 Gaming Laptop, Spectre x360 15 With OLED Display Launched at CES 2019

Intel ‘Ice Lake’ 10nm CPUs, ‘Lakefield’ Hybrid CPU, Slim ‘Project Athena’ 5G Laptops Announced at CES 2019 Jamshed Avari, 08 January 2019

Comments Off on Intel ‘Ice Lake’ 10nm CPUs, ‘Lakefield’ Hybrid CPU, Slim ‘Project Athena’ 5G Laptops Announced at CES 2019 Jamshed Avari, 08 January 2019

LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

Comments Off on LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

HP Revenue Tops Estimates on Personal Systems Business

Comments Off on HP Revenue Tops Estimates on Personal Systems Business

How to get Windows 10 to stop asking you for feedback

Comments Off on How to get Windows 10 to stop asking you for feedback

Microsoft Surface Pro 6, Surface Laptop 2, Surface Studio 2 Launched; All Access Payment Plan Also Announced

Comments Off on Microsoft Surface Pro 6, Surface Laptop 2, Surface Studio 2 Launched; All Access Payment Plan Also Announced

HP Omen 15 Gaming Laptop, Spectre x360 15 With OLED Display Launched at CES 2019

Comments Off on HP Omen 15 Gaming Laptop, Spectre x360 15 With OLED Display Launched at CES 2019

ASUS launches its first 15-inch Chromebook – C523 for $270

Comments Off on ASUS launches its first 15-inch Chromebook – C523 for $270

Asus Announces 4 New Durable Chromebooks Ahead of CES 2019, Including Its First Tablet

Comments Off on Asus Announces 4 New Durable Chromebooks Ahead of CES 2019, Including Its First Tablet

Comments Off on

Create Account



Log In Your Account