Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Comments Off on Logitech Updates ‘Options’ Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Updates 'Options' Customisation App to Fix Security Flaw Allowing Keystroke Injection Attacks

Logitech Options, the app that is designed to enable customisation of Logitech mice, keyboards, or touchpads, has now received a security patch. The patch essentially fixes a security flaw that was allowing attackers to inject arbitrary keystrokes and send system commands – all through gaining remote access. Google’s Project Zero security team intimated the Logitech team about the bug back in September. However, Logitech released Options 7.00.564 on Friday to ultimately address security concerns. A Google security researcher had already detailed the flaw in a bug report, before the patch arrived, thanks to the 90 days deadline expiring.

Google security researcher Tavis Ormandy in his bug report states that the Logitech Options was opening a WebSocket server on systems on which it’s installed without any origin checking process. That made the app vulnerable to keystroke injection attacks. “The only ‘authentication’ is that you have to provide a PID [process ID] of a process owned by your user, but you get unlimited guesses so you can bruteforce it in microseconds,” explained Ormandy in the report.

“After that, you can send commands and options, configure the ‘crown’ to send arbitrary keystrokes, etc, etc.”

Alongside raising the bug report, Ormandy personally reported the issue to the Logitech engineers in mid-September. Logitech acknowledged the flaw soon upon receiving its report. However, the company took over three months to bring its patch – more than Google Project Zero’s 90-day deadline for public disclosure. It did bring an updated Options app on October 1, but that update didn’t include any fixes for the reported security issues, as the security researcher wrote in a comment to his bug report on the Chromium site.

“This now past deadline, so making public,” said Ormandy. “I would recommend disabling Logitech Options until an update is available.”

Soon after the bug report became public, it gained some attention among security researchers and finally pushed Logitech to release the patch.

“The release of Logitech Options 7.00, which addresses Origin checks and type checking, is now live and can be downloaded for Windows and Mac,” Logitech tweeted on Friday to confirm the fix.

You can download the updated Options app on your PC to start customising your Logitech mouse, keyboard, or touchpad. The app supports devices such as MX Vertical, MX Ergo, MX Anywhere 2S, K600 TV Keyboard, MK850 Performance, MK540 Advanced, and MX900 Performance Combo for customisations.

admin

Related Posts

Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities

Comments Off on Asus, Gigabyte Motherboard and Graphics Card Drivers Found to Have Security Vulnerabilities

At 82, NASA’s ‘Human Computer’ Sue Finley Still Reaching for the Stars

Comments Off on At 82, NASA’s ‘Human Computer’ Sue Finley Still Reaching for the Stars

ASUS launches its first 15-inch Chromebook – C523 for $270

Comments Off on ASUS launches its first 15-inch Chromebook – C523 for $270

LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

Comments Off on LaCie USB Type-C Portable SSD With 540MBps Speeds, Up to 2TB Storage Launched

Asus Announces 4 New Durable Chromebooks Ahead of CES 2019, Including Its First Tablet

Comments Off on Asus Announces 4 New Durable Chromebooks Ahead of CES 2019, Including Its First Tablet

Asus F570 Gaming Laptop, VivoBook 15 (X505) Ultra Portable Laptop Launched in India

Comments Off on Asus F570 Gaming Laptop, VivoBook 15 (X505) Ultra Portable Laptop Launched in India

MSI GS75 Stealth, MSI PS63 Modern Laptops Announced at CES 2019

Comments Off on MSI GS75 Stealth, MSI PS63 Modern Laptops Announced at CES 2019

Logitech G502 Gaming Mouse With 11 Programmable Buttons Launched at Rs. 6,495

Comments Off on Logitech G502 Gaming Mouse With 11 Programmable Buttons Launched at Rs. 6,495

How to get Windows 10 to stop asking you for feedback

Comments Off on How to get Windows 10 to stop asking you for feedback

Gartner Says Global IT Spending Will Grow 3.2 Percent in 2019

Comments Off on Gartner Says Global IT Spending Will Grow 3.2 Percent in 2019

AMD Ryzen finally makes octo-core processors affordable

Comments Off on AMD Ryzen finally makes octo-core processors affordable

HP Omen X Emperium 65-Inch Monitor With Nvidia G-Sync HDR Launched at CES 2019

Comments Off on HP Omen X Emperium 65-Inch Monitor With Nvidia G-Sync HDR Launched at CES 2019

Create Account



Log In Your Account