When hackers design malware or plans of attack, they typically look for openings in a system that leave it undefended and helpless. If a properly equipped computer or software is functioning normally, these openings are few and far between — which is why security vulnerabilities get so much attention from the press when they’re discovered. If an exploit is found that hackers can abuse, it’s safe to assume that they’ll use it to the fullest.
One area that’s become a hotbed for hacker activity is third-party computer accessories. Because there are so many manufacturers out there, security standards can vary wildly between products. As such, it’s not unusual to find a dongle or add-on that leaves gaping security holes in your system that hackers can easily walk on through.
Sadly, big-name manufacturers aren’t immune to the threat of security flaws. An old vulnerability discovered in 2016 affected an entire range of products from one of the biggest accessory makers in the industry. Now, researchers have found that products affected by the flaw are still on the market. What’s more, they’re also vulnerable to newly discovered threats.
Logitech’s Unifying wireless dongle hosts a number of security flaws
Back in 2016, security researchers discovered a startling security hole in wireless dongles produced by famed electronics company Logitech. These small, USB powered devices are responsible for connecting wireless accessories to a computer — including mice, keyboards, and presentation clickers.
The flaw, dubbed “MouseJack,” allows hackers to harness an unsecured wireless signal and send inputs like clicks, mouse movements, and keystrokes remotely. When executed properly, it can lead to a literal hijacking of the computer — almost like it’s being controlled remotely.
In response to the discovery, Logitech released a patch that apparently fixed the issue. However, researchers are finding that a number of Logitech products on the market are still vulnerable to the 2016 MouseJack flaw.
In addition to the reappearance of MouseJack, a few new vulnerabilities have cropped up that specifically affect unsecured Logitech products. These flaws allow for similar hijacking effects, but also allow users to eavesdrop on keystrokes.
In a worst-case scenario, a smart hacker could learn things like passwords, credit card information, and Social Security numbers just by watching what their victim is typing.
How can I protect my Logitech items from this security hole?
Right now, owners of Logitech accessories can visit the company’s support page for patches that cover the affected range of products. These patches were originally released in 2016, and address the MouseJack vulnerabilities that are most dangerous to computer owners.
As for new and emerging flaws, Logitech is currently investigating and developing updated patches that should be available to download in August, according to a press release from the company.
A key factor to consider is that Logitech did not recall its existing products affected by the security flaw, so if you have any at-risk accessories, it’s highly recommended you update as soon as possible. This will protect your computer and accessories from any unauthorized control or snooping.
Make sure to keep an eye on Logitech’s support page as well for new updates on upcoming security patches, along with Komando.com. We’ll update this story as soon as more details or fixes come to light.
In the meantime, don’t let this update pass you by! With this particular flaw, you won’t know you’ve been hit until it’s far too late to help!