Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Comments Off on Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Updates 'Options' Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Options, the app that is designed to enable customisation of Logitech mice, keyboards, or touchpads, has now received a security patch. The patch essentially fixes a security flaw that was allowing attackers to inject arbitrary keystrokes and send system commands – all through gaining remote access. Google’s Project Zero security team intimated the Logitech team about the bug back in September. However, Logitech released Options 7.00.564 on Friday to ultimately address security concerns. A Google security researcher had already detailed the flaw in a bug report, before the patch arrived, thanks to the 90 days deadline expiring.

Google security researcher Tavis Ormandy in his bug report states that the Logitech Options was opening a WebSocket server on systems on which it’s installed without any origin checking process. That made the app vulnerable to keystroke injection attacks. “The only ‘authentication’ is that you have to provide a PID [process ID] of a process owned by your user, but you get unlimited guesses so you can bruteforce it in microseconds,” explained Ormandy in the report.

“After that, you can send commands and options, configure the ‘crown’ to send arbitrary keystrokes, etc, etc.”

Alongside raising the bug report, Ormandy personally reported the issue to the Logitech engineers in mid-September. Logitech acknowledged the flaw soon upon receiving its report. However, the company took over three months to bring its patch – more than Google Project Zero’s 90-day deadline for public disclosure. It did bring an updated Options app on October 1, but that update didn’t include any fixes for the reported security issues, as the security researcher wrote in a comment to his bug report on the Chromium site.

“This now past deadline, so making public,” said Ormandy. “I would recommend disabling Logitech Options until an update is available.”

Soon after the bug report became public, it gained some attention among security researchers and finally pushed Logitech to release the patch.

“The release of Logitech Options 7.00, which addresses Origin checks and type checking, is now live and can be downloaded for Windows and Mac,” Logitech tweeted on Friday to confirm the fix.

You can download the updated Options app on your PC to start customising your Logitech mouse, keyboard, or touchpad. The app supports devices such as MX Vertical, MX Ergo, MX Anywhere 2S, K600 TV Keyboard, MK850 Performance, MK540 Advanced, and MX900 Performance Combo for customisations.

admin

Related Posts

Gartner Says Global IT Spending Will Grow 3.2 Percent in 2019

Comments Off on Gartner Says Global IT Spending Will Grow 3.2 Percent in 2019

Asus F570 Gaming Laptop, VivoBook 15 (X505) Ultra Portable Laptop Launched in India

Comments Off on Asus F570 Gaming Laptop, VivoBook 15 (X505) Ultra Portable Laptop Launched in India

Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities

Comments Off on Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities

LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

Comments Off on LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

Asus Announces 4 New Durable Chromebooks Ahead of CES 2019, Including Its First Tablet

Comments Off on Asus Announces 4 New Durable Chromebooks Ahead of CES 2019, Including Its First Tablet

Intel ‘Ice Lake’ 10nm CPUs, ‘Lakefield’ Hybrid CPU, Slim ‘Project Athena’ 5G Laptops Announced at CES 2019 Jamshed Avari, 08 January 2019

Comments Off on Intel ‘Ice Lake’ 10nm CPUs, ‘Lakefield’ Hybrid CPU, Slim ‘Project Athena’ 5G Laptops Announced at CES 2019 Jamshed Avari, 08 January 2019

Logitech G502 Gaming Mouse With 11 Programmable Buttons Launched at Rs. 6,495

Comments Off on Logitech G502 Gaming Mouse With 11 Programmable Buttons Launched at Rs. 6,495

LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

Comments Off on LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

Google Working on Dual-Boot Windows 10 Support For Multiple Chromebooks: Report

Comments Off on Google Working on Dual-Boot Windows 10 Support For Multiple Chromebooks: Report

Acer Predator Helios 500 Gaming Laptop With Up to Intel Core i9 Launched in India

Comments Off on Acer Predator Helios 500 Gaming Laptop With Up to Intel Core i9 Launched in India

MSI GS75 Stealth, MSI PS63 Modern Laptops Announced at CES 2019

Comments Off on MSI GS75 Stealth, MSI PS63 Modern Laptops Announced at CES 2019

AMD Ryzen finally makes octo-core processors affordable

Comments Off on AMD Ryzen finally makes octo-core processors affordable

Create Account



Log In Your Account