Profile picture
, 8 tweets, 2 min read Read on Twitter
Announcement: Disclosure timeline for material from Logitech vulnerability research:
1) Sotftwaretool `mjackit` in about 2 weeks
- uses CrazyRadio
- PoC for sniffing of pairing
- PoC for eavesdropping encrypted keyboards
- PoC for encrypted keystroke injection (for devices patched against MouseJack)
- PoC for remote shell over Unifying dongle
- incl. source code
2) Hardwaretool LOGITacker, about 2 weeks
- firmware for nrf52840 dongle
- no external software needed
- forced pairing
- sniff device pairing and derive encryption keys
- encrypted and plain keystroke injection
- devices discovery and storage
- bypass for input filters
- source
3) raw documents created during research, in 2 weeks
- reports for vulnerabilities
- notes on RF protocol
- notes on USB protocol
- notes on covert channel capabilities of Unifying protocol

etc.
4) softwaretool "munifying" in August 2019 (when patch for key extraction vuln available)
- interacts with Unifying dongle from USB end
- compilable for Linux (Golang)
- set dongle into pairing mode
- delete (and re-pair) devices
- extract AES keys from vulnerable dongles
5) details for AES key extraction vulnerability in August 2019
- used by munifying
- encrypted presenters are affected, too (no influence on disclosure timeline)
- keys could be imported to mjackit or LOGITacker (useable eavesdropping and keystroke injection)
Devices affected by included vulnerabilities
- all Logitech Unifying keyboards
- Logitech Unifying mice with keyboard capabilities (f.e. MX Anywhere 2S)
- presentation clickers R400,R700,R800
- encrypted presentation clickers R500, SPOTLIGHT
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to Marcus Mengs
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!