New firmware available
A firmware update for the R400, R700 and R800 has been released on the 28th of August, 2019. This addresses the reported ‘Keystroke Injection Through USB’ vulnerability.
Customers and enterprises that have heightened concerns may contact Logitech Customer Care for a replacement receiver which are expected to be available early September 2019.
Recently Logitech was approached by a German media outlet regarding a potential vulnerability related to Logitech R400, R700 and R800 presentation remotes.
We confirm that the vulnerability identified requires a controlled environment and specialized equipment. We take our customers’ security very seriously and we are actively exploring new ways to improve the security of our products.
We are currently working on a firmware update that will address the vulnerability. Customers and enterprises that have heightened concerns may contact Logitech customer care for a replacement receiver which are expected to be available early September 2019.
Q: What is the vulnerability?
A: The findings show that the signal of the presentation remote and the receiver could potentially be intercepted and keystrokes could be injected.
We can confirm the vulnerabilities would be complex to replicate as it requires specialized equipment, skill and knowledge. It would also require a hacker to be physically close to a target in range with the device. Additionally, the vulnerabilities were discovered and demonstrated in a controlled, experimental environment.
Q: How should I protect my privacy when using my Logitech products?
A: We recommend users to apply common-sense security measures such as removing the receiver from the computer when the presentation remote is not being used and storing it in the device.
We are also addressing it in an upcoming firmware update, which will allow the receiver to accept only limited inputs specific to a presenter, such as the “next slide” command. Customers who have heightened security concerns may contact Logitech customer care for a receiver replacement with this updated firmware expected to be available early September 2019.
Q: Which Logitech products are concerned by this report?
A: The keystroke injection vulnerability is specific to the R400, R700 and R800 presenters.
Q: What’s new in the firmware update released in August 2019?
A: The new firmware improves the security of the wireless connection between the receiver and the presentation remote.
Q: How can I know if my device has the latest firmware?
Receivers with the latest firmware update have the code “ESW3601” - or a higher number - printed on the receiver’s label close to the PID number.
Receivers with the latest firmware update have the following number (or higher):
All other firmware numbers don’t have the fix:
Q: How can I update the firmware of my device?
A: A new receiver with the latest firmware needs to be requested via our support page.
Once the receiver arrives, you’ll need to repair the new receiver to your existing device.
Q: How to repair a new receiver to an existing presentation remote?
2) Plug in the USB receiver on your computer.
3) Launch the utility on your computer and follow the instructions.
Once the receiver is paired, there is no need to repeat this process again.
Please sign in to leave a comment.