Announcement: Disclosure timeline for material from Logitech vulnerability research:

1) Sotftwaretool `mjackit` in about 2 weeks
- uses CrazyRadio
- PoC for sniffing of pairing
- PoC for eavesdropping encrypted keyboards
- PoC for encrypted keystroke injection (for devices patched against MouseJack)
- PoC for remote shell over Unifying dongle
- incl. source code

2) Hardwaretool LOGITacker, about 2 weeks
- firmware for nrf52840 dongle
- no external software needed
- forced pairing
- sniff device pairing and derive encryption keys
- encrypted and plain keystroke injection
- devices discovery and storage
- bypass for input filters
- source

3) raw documents created during research, in 2 weeks
- reports for vulnerabilities
- notes on RF protocol
- notes on USB protocol
- notes on covert channel capabilities of Unifying protocol

etc.

4) softwaretool "munifying" in August 2019 (when patch for key extraction vuln available)
- interacts with Unifying dongle from USB end
- compilable for Linux (Golang)
- set dongle into pairing mode
- delete (and re-pair) devices
- extract AES keys from vulnerable dongles

5) details for AES key extraction vulnerability in August 2019
- used by munifying
- encrypted presenters are affected, too (no influence on disclosure timeline)
- keys could be imported to mjackit or LOGITacker (useable eavesdropping and keystroke injection)

Devices affected by included vulnerabilities
- all Logitech Unifying keyboards
- Logitech Unifying mice with keyboard capabilities (f.e. MX Anywhere 2S)
- presentation clickers R400,R700,R800
- encrypted presentation clickers R500, SPOTLIGHT