The vuln allows extracting all RF device addresses and AES keys from a Unifying dongle, if physical access is possible for about a second (see time to dump in video). I made a mistake in the PoC code, thus all addresses look the same in the video (mistake in string conversion).
An attacker needs no access to the actual devices, only to the dongle. The second tool (mjackit) consumes the dumped data, starts listening on one of the device addresses (see selection in video) and uses the dumped AES key to decrypt sniffed keystrokes.
As the device is known to the attacker, there's no need to scan (like with pseudo promiscuous mode by @travisgoodspeed), sniffing the correct device works immediately. In case you noticed that the 'e' in 'friends' wasn't captured - this was a missed frame during channel ...
... change, as the PoC isn't optimized for proper channel hopping (but works well enough for demoing). Of course I can't give details on the root cause, but it seems only dongles with TI hardware are affected (CU0008, CU0012, maybe more).
Dongles with @NordicTweets chips seem not to be affected (CU0007) by this special issue. Ironically, sniffing is done with a Nordic chip (CrazyRadio). I need some time to prepare a report for @Logitech and don't give further details to the public, now.
Anyways, be sure to keep an eye on your Unifying dongles. YouTube video is here: https://youtu.be/5z_PEZ5PyeA
Forgot to mention: Anywhere MX 2S mouse could act as keyboard (see "report types" in video) and thus is a valid target for encrypted keystroke injection, in contrast to older Anywhere MX mouse (which I liked more).
-
Oh wow....this is something interesting!
-
Yes, it's the 3rd and hopefully last PoC on Unifying. Had something different in mind, when I started to investigate these devices. Logitech has a strong interest in fixing security issues. Anyways, not sure how willing customers are when it comes to patching .. hope this helps
-
In your opinion, what is a reasonably secure wireless keyboard/mouse solution? Bluetooth seems to have its own issues.
-
There has been plenty of research and vulnerabilities have been uncovered in most wireless brands. I wouldn't go for wireless, at all, if security is a concern. Unless firmware implementations are open sourced, you can't be sure key generation/exchange and crypto algorithms...