Share this page!

Marcus Mengs Profile picture
Twitter logo
3 Nov, 30 tweets, 7 min read
About one and a half years ago, I disclosed several security issues affecting @Logitech wireless peripherals (mainly "Unifying" brand, but others - e.g. "G-Series Lightspeed" - are affected too).

Because of recent requests, I want to briefly review the flaws

1/n
1) CVE-2019-13053 covers a an issue, which allows an attacker to inject encrypted keystrokes over the air, without knowing the actual encryption keys. The root cause is unproper protection against counter reuse for underlying AES CTR.

In order to exploit this ...

2/n
... is required to get knowledge of about 8 keypresses while sniffing encrypted wireless traffic. This step is only required once. If the victim uses a clicker - for example - an attacker could get knowledge on a pressed key sequence, by observing how the slides ...

3/n
change (everytime the next slide appears, it could be safely assumed that the pressed key was "Cursor RIGHT").

Once about 8 "plain" key presses are known, the attacker could exploit the flaw to wireless inject an unlimited amount of arbitrary key presses.

4/n
Another to get knowledge on pressed keys: The attacker triggers the key presses herself (a few seconds of device access are enough, as that has only to be done once). For LED triggering keys (NUM LOCK, CAPS LOCK etc), this could be further automated, as the protocol leaks...

5/n
metadata, which allows to identify those special keys, even if transmissions are encrypted.

A demo for this approach was shown here:


Logitech clarified that the issue WILL NOT BE ADDRESSED

6/n
While allowing keystroke injection, the issue described above would not allow to eavesdrop wireless key presses from an encrypted keyboard, because the encryption keys are unknown to the attacker.

But there are two other flaws, which allow to obtain the encryption keys:

7/n
2) CVE-2019-13052 covers a flaw, which allows an attacker to obtain the link encryption key in case he is able to sniff a wireless pairing of a device and a dongle.

While this technique works fully passive and wireless, chances are low that such a pairing occurs ...

8/n
in real world scenarios (the devices and dongles ship pre-paired). Still, with one time physical access, an attacker would be able to unpair and re-pair the devices. The time required to do so would be a few seconds and the newly assigned encryption keys could be sniffed.

9/n
Again, this procedure is only required once in order to empower an attacker to wireless eavesdrop pressed keys or inject keys forever. There is no user indication for the encryption key compromise (everything works as intended).

Demo:

10/n
Again, Logitech clarified that the issue WILL NOT BE ADDRESSED.

Manual enforcement of re-pairing to enroll the described attack, would require one time physical access to device and receiver.

But there exists a similar flaw, which requires only receiver access...

11/n
3) CVE-2019-13055 described a flaw, which allowed to dump the link encryption keys directly from a receiver via USB.

The issue depends on the SoC used by the receiver (only affects Texas Instruments, not Nordic Semiconductors), but most new receivers are vulnerable.

...

12/n
Dumping the keys from a receiver with one time physical access (to the receiver, not the host) takes less than 1 second and was demoed here:



13/n
In contrasts to the other flaws, Logitech put some efforts into patching this one. Receivers with latest firmwares should not be vulnerable, but the patch could be bypassed by simply downgrading the firmware to a vulnerable on before stealing the keys.

14/n
The downgrade-bypass requires 23 additional seconds, before keys could be dumped again (for receivers without signed firmware it is even less).

This was demoed here:



15/n
For receivers which check firmware signatures, a vulnerable signed firmware is required for the bypass. Respective firmwares are publicly available for:

- all affected Unifying receivers
- Lightspeed receivers
- NOT available for "Spotlight" clicker receiver

16/n
There are still chances of being able to dump keys from a fully patched Logitech "Spotlight" receiver, by "cross-flashing" the receiver with a vulnerable (but signed) Unifying firmware and re-flash it with the legacy firmware once keys have been dumped.

17/n
I was not able to test the latter, as my test device was only borrowed from a supporter. Also, it would be less interesting to eavesdrop a clicker, but arbitrary keystroke injection remains a valid goal for such an attempt.

So far it goes for the vulns, nut there is more..

18/n
Almost all wireless Logitech use a proprietary protocol called HID++ (build on top of USB "Human Interface Device" protocol). All implementations of the protocol are backwards compatible to its very 1st version and provide room for an attacker to hide arbitrary data in it.

19/n
Moreover, the HID++ protocol works bi-directional, which means data could injected wireless and ends up on the USB port of the host which has the receiver attached ... and ... USB data generated on the host could be transmitted wireless and sniffed from the outside.

20/n
I want to be very clear, that these conditions are met for all Unifying devices (and many other Logitech devices) BY DESIGN. In addition, the wireless version of HID++ data is transmitted unencrypted for Unifying (for Lightspeed receivers a key is needed).

This means..

21/n
an attacker could abuse the HID++ protocol to bring up a covert channel via a Logitech receiver WITHOUT THE NEED TO MODIFY THE RECEIVER OR INTERFERING WITH ITS NORMAL FUNCTIONALITY.

Demo - covert channel remote shell with a "Spotlight" receiver:



22/n
Because this is intended functionality, there will be no patch.

Another demo extends the approach by implanting a Logitech receiver into an USB cable.
The client payload for the covert channel gets typed out invisibly (the target is air-gapped)

23/n
So to sum up:

- 1 out of 3 vulnerabilities was patched
- the patched could be bypassed
- abusing HID++ for covert channel communications will always be possible

There exists patched receivers for clickers like the R400, which effectively prevent ...

24/n
... arbitrary keystroke injection (by not allowing physical key presses which do not map to buttons on the clicker). Still it would be possible to exploit those receivers for covert channel communications.

25/n
So for mitigation:
- Only use receivers which are patched against keystroke injection (ask Logitech support, not me)
- disconnect the receiver when not used
- assure nobody can access the receiver
- alternative: avoid wireless input

26/n
If you want to test your devices yourself, I provided a tool which runs on USD10 hardware. It is called LOGITacker and covers almost all techniques mentioned here. It was designed to counter Logitech's argument "the attacks are hard to deploy"

github.com/RoganDawes/LOG…
27/n
Finally, if you are interested in more details I suggest to watch my (only public) talk given at @bsideskbh on the topic:

vimeo.com/378870549

28/n
I hope this answers most of the question I was facing recently. To my best knowledge, not much has changed since the disclosures, but it is hard to keep track of or test each individual receiver/device combination (again, LOGITacker is there for testing).

Stay safe, MaMe82
29/29
In tweet #22 I linked the wrong demo.

Here's the correct one for the remote shell on using the receiver of a clicker

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Marcus Mengs

Marcus Mengs Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @mame82

Marcus Mengs Profile picture
4 Nov
Throughout last days, I struggled instrumenting Google SafetyNet protected apps with @fridadotre (meanwhile 14.0.6), because SafetyNet's "basic integrity" check failed.

The test device runs LineageOS + Magisk.

Let me share how I approached this issue Image
The root issue was an outdated version of "Google Play Services", which was fixed by installing the most recent version of "Open GApps". This bumped GMS to version 20.39.15 ImageImage
In order to pass the SafetyNet basicIntegrity check, "MagiskHide" comes to help. It has to be applied to the Google Play Services (formerly known as Google Mobiles Services aka GMS) ImageImage
Read 13 tweets
Marcus Mengs Profile picture
3 Nov
Request for help.

Recently SafetyNet checks started failing on one of my test devices.

The cause is that the request for the "attestation ID" is failing, with error status -129.
The status code -129 corresponds to a failed Binder transaction. The service backing the called Binder interface is 'KeyAttestationApplicationIdProviderService'.

The specific method is `getKeyAttestationApplicationId`.

Is anybody used such an issue where the Binder ...
... interface IPC call fails? Any guidance on how to fix or further investigate this is welcome!
Read 5 tweets
Marcus Mengs Profile picture
19 Oct
#AppPrivacy #Android

If you are interested in what data Android Apps push out to AppsFlyer, it might be a good idea to utilize @fridadotre to hook the 'af*' methods of class 'com.appsflyer.AFLogger'.

The screenshot shows an example of the app 'Bild'

1/n
The screenshot contains to events, related to outbound http requests.

1) The one starting with "url:", which contains a request URI
2) The next event starting with "data:", which contains the **unecrypted** content, which is sent out ("appsflyerkey" redacted)

2/n
If you inspect the corresponding HTTPS request, the actual data is encrypted (at least it should be).

So if you have to proof the the data from "AFLogger" is contained in the request, you have to decrypt the body content

3/n
Read 7 tweets
Marcus Mengs Profile picture
1 Jul
Some months I reported "HTTP request smuggling" vulnerabilities to various VDPs.

All of them fixed the issue in the meantime. There was one interesting exception which taught me how careful you have to act, even with VDPs: A German company which is described like this
When I found the first issue with this company, I publicly asked on where and how to report.

It didn't take long till I got a direct contact and was directed to a private VDP on the major bounty platform. I agreed to use it (which meant NDA) because my contact was trustworthy
The report was pending for about two weeks (no managed program). During this time I started to work out related issues in other public web pages from the same company, when the initial report was closed as "not being applicable" without any explanation.
Read 11 tweets
Marcus Mengs Profile picture
17 Jun
@K_Plattform_f_R @th0rst3n @heutejournal @ClausKleber @Falafelkid Nochmal falsch. Die Genauigkeit der Entfernungsschätzung bei BLE 4.0 liegt nicht bei 10m. Die Gesammte Betriebsreichweite liegt etwa bei 10-15m. Ich denke du verwechselst Entfernungschätzung mit Positionsbestimmung.

Ich versuch dir mal zu helfen:
@K_Plattform_f_R @th0rst3n @heutejournal @ClausKleber @Falafelkid 1) Proximity (BLE 4.0)

Du möchtest nur Wissen ob ein BLE Beacon (oder anderer Advertiser, wie Smartphone) sich in der Nähe befindet. Dazu genügt es festzustellen, ob du Advertisements empfängst. Die Genauigkeit liegt dann bei 10-15m (keine Verwendung von RSSI)
@K_Plattform_f_R @th0rst3n @heutejournal @ClausKleber @Falafelkid 2) Entfernungsschätzung (BLE 4.0)

Du betrachtest nicht nur *OB* du Advetisements empfängst, sondern auch die RSSI und errechnest daraus eine Entfernungsschätzung zum Empfänger. Ungenauigkeit 1-2m (je mehr Messungen, umso besser können fehler herausgerechnet werden.
Read 11 tweets
Marcus Mengs Profile picture
11 Mar
@_MG_ @ektoplant @Korsakoff1 @campuscodi @LucaBongiorni Agreed on both. Depends on attack style.

If a user should do injection by accident and the attack should succeed before intervention (f.e. device looking like flashdrive), typing has to be fast (and will still be noticed).

1/n
@_MG_ @ektoplant @Korsakoff1 @campuscodi @LucaBongiorni If you have interactive control on injection (point in time when it should happen; speed; actual payload to type), typing speed is less a concern. Injection could be carried out when the user doesn't notice it (f.e. injection implants in legit devices).

2/n
@_MG_ @ektoplant @Korsakoff1 @campuscodi @LucaBongiorni In both variants, first infection stage (the one typed out) should require only a few characters. This is esp. true for Internet connected targets (f.e. short download cradles in stage 1).

3/n
Read 5 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get email notifications when new thread is out from this Author!

Check out other threads from this Author!

Read all threads by @mame82