Logitech Wireless USB Dongle Vulnerabilities

Researcher Marcus Mengs discovered multiple vulnerabilities in the Logitech Wireless USB dongles (receivers) that use the “Unifying” 2.4 GHz radio technology to communicate with wireless devices such as keyboards, mice, and presentation clickers. Vulnerable Unifying dongles, ones with an orange star printed on one of its sides, could be exploited to allow a threat actor to bypass security protection and encryption, sniff on keyboard traffic, inject keystrokes, and take over computers to perform malicious attacks. Mengs also found many Logitech Unifying dongles are still at risk of the old MouseJack vulnerability from 2016. At the time of this writing, no patches are available; however, Logitech plans to patch some of the reported vulnerabilities. The NJCCIC recommends users patch systems as updates become available. We encourage users to review the technical details and demonstration videos in the ZDNet article.

AdvisoryNJCCICUSB