Recently Logitech was approached by a German media outlet regarding a potential vulnerability related to Logitech R400, R700 and R800 presentation remotes.

We confirm that the vulnerability identified requires a controlled environment and specialized equipment. We take our customers’ security very seriously and we are actively exploring new ways to improve the security of our products.

We are currently working on a firmware update that will address the vulnerability. Customers and enterprises that have heightened concerns may contact Logitech customer care for a replacement receiver which are expected to be available early September 2019.

Q: What is the vulnerability?
A: The findings show that the signal of the presentation remote and the receiver could potentially be intercepted and keystrokes could be injected.
We can confirm the vulnerabilities would be complex to replicate as it requires specialized equipment, skill and knowledge. It would also require a hacker to be physically close to a target in range with the device. Additionally, the vulnerabilities were discovered and demonstrated in a controlled, experimental environment.

Q: How should I protect my privacy when using my Logitech products?
A: We recommend users apply common-sense security measures such as removing the receiver from the computer when the presentation remote is not being used and storing it in the device.
We are also addressing it in an upcoming firmware update, which will allow the receiver to accept only limited inputs specific to a presenter, such as the “next slide” command. Customers who have heightened security concerns may contact Logitech customer care for a receiver replacement with this updated firmware expected to be available early September 2019.

Q: Which Logitech products are concerned by this report?
A: The keystroke injection vulnerability is specific to the R400, R700 and R800 presenters.