Logitech Unifying Receiver Update
Pinned
- For PC or Mac users: You can download a simple updating tool here: https://support.logi.com/hc/articles/360035037273
- Enterprise customers: You can download a centrally deployable tool for PC here: https://download01.logi.com/web/ftp/pub/techsupport/keyboards/Script%20DFU%20Tool.zip (Mac support will be added shortly)
______________________________________________________________
Earlier this year a security researcher approached Logitech regarding three potential vulnerabilities related to Logitech’s Unifying Receiver. We have been in communication with him since to assess the risks associated with these findings and ways of addressing them.
We’d like to first reassure you that this research was conducted in a controlled environment. The vulnerabilities would require special equipment and skills, as well as proximity to - or even physical access to - the target’s computer or device.
People who are concerned about their privacy should take note of and apply the computing security measures described in the Q&A below.
We are actively working on a firmware update that will address one of the vulnerabilities and expect it to be available for download in August, 2019. We will update this post as soon as it becomes available for download!
We take our customers’ privacy very seriously, and these findings help us to continually improve our products.
Q: What are the vulnerabilities reported by the security researcher?
A: Three potential vulnerabilities were reported. Two of them relate to extracting the encryption key that secures the communication between the Logitech device and the Logitech Unifying USB receiver. The third one relates to overcoming the barriers to keystroke injection between the device and the USB receiver.
A person trying to replicate these would need expertise and special equipment and to be within 10m range. They would need to act during the few seconds when someone is re-pairing a device to the Unifying receiver, or would need physical access to the target’s device or computer.
Q: How should I protect my privacy when using my Logitech products?
A: You can protect your privacy by applying some basic principles as you use your computer and your Logitech products.
First and foremost, follow the common-sense security measures that are found in a typical office or home and don’t ever let strangers physically access or tamper with your computer or input devices.
Secondly, all our Unifying devices are securely paired to a wireless receiver when they are produced and pairing is not required thereafter. However, the ability to pair a second, third or fourth device to a single USB receiver is one of the advantages of our Unifying wireless technology so we enable it through a simple piece of software. If you have to pair a device to a Unifying receiver, this procedure could allow a hacker - with the right equipment and skills, and physically close to your computer - to “sniff” the encryption key. So this brief procedure should only be done when absolutely certain that there is no suspicious activity within 10m/30ft.
Note, if your device stops working, this is never because of a loss of pairing to the USB receiver so re-pairing is not required to troubleshoot.
Q: Which Logitech products are concerned by these reports?
A: Mice and keyboards using Logitech’s Unifying wireless protocol. You can identify Unifying products by a small orange logo on the wireless USB receiver, featuring a shape with six points. The Spotlight presentation remote and R500 presenter, are also impacted.
In addition, Logitech’s Lightspeed gaming products are concerned by the encryption key extraction vulnerabilities.
Q: Can I install a firmware upgrade to protect me against this? How?
A: Two of the vulnerabilities (known as CVE-2019-13053 and CVE-2019-13052) would be difficult for an attacker to exploit and can be effectively protected against by applying the computing privacy guidelines above. We won’t address these with a firmware update as this would negatively impact interoperability with other Unifying devices.
However, we take security very seriously and we recommend our customers update their wireless Unifying USB receivers to the latest firmware. We are actively working on a firmware update that will address the third vulnerability (known as CVE-2019-13054/55). We expect this to be available for all applicable devices in August, 2019 and we will update this page with more information at that time.
- For PC or Mac users: You can download a simple updating tool here: https://support.logi.com/hc/articles/360035037273
- Enterprise customers: You can download a centrally deployable tool for PC here: https://download01.logi.com/web/ftp/pub/techsupport/keyboards/Script%20DFU%20Tool.zip (Mac support will be added shortly)
- Linux users: Our latest firmware has been submitted to the Linux Vendor Firmware Service and will be available at https://fwupd.org/.
-
I have a rather irritating issue with the Unifying Software that’s built into the Logitech Options application. I use my PC for mainly gaming purposes and so when playing these games I have them in full screen. Every time I’m playing a game with my game controller and my MX Master 2S turned off, without fail after 10-15 minutes of playing the Unifying Software hijacks me out of my game in full screen to show the unifying icon in the task bar and then disappears seconds later when I turn my mouse back on. It’s rather frustrating for me because it happens every time and if I’m heavily engrossed in the game or it’s a competitive match online this ruins the experience for me. Is there any way I can avoid this from reoccurring? I’ve checked the settings of the software and can’t see any options close to what I’m seeing.
-
Hi Ege Melih AZKARA
Google can answer that for you.
-
Maybe this is useful for mac users. Found this in one of the old Logitech blogs
-
Hi Kendle Max, thanks for sharing information here. Please accept our sincere apology for delayed response. Kindly let us know if you have any questions or concerns any time in the future.
Regards,
Pooja
Logi support -
See what a factory defect the mice have Logitech G Pro X Lightspeed
of course, the Logitech company washes its hands and the store has already replaced 3 mice and the problem is still there.
Please sign in to leave a comment.
Comments
125 comments