Wireless Vulnerabilities & Exploits
Wireless Vulnerabilities & Exploits
WVE ID: WVE-2005-0032
Type: Vulnerability
Status: Candidate
Classification:
Design Flaw
Description:
Logitech mice and keyboards are vulnerable to MitM (man in the middle) attacks.
Discussion:
The Logitech Cordless iTouch Keyboard, Freedom Pro, Freedom Navigator, and Freedom are susceptible to remote eavsdropping, hijacking, and MitM attacks. These devices operate on a carrier frequency of 27Mhz. When using these devices a user presses the "Connect" button on both the receiver connected to their computer as well as the one on their keyboard or mouse. This initiates a synchronization mechanism whereby the reciever and device find a pair of frequencies to communicate on.
An attacker using radio equipment can monitor the synchronization traffic between a victim's receiver and their keyboard or mouse. From this, the attacker can read keystrokes from a keyboard without the victim's knowledge. Furthermore, an attacker can modify one of the affected devices to enable them to take control of the victim's keyboard or mouse, giving them full access to the victim's console.
Credits
Author:
Axel
Hammer
(alpha01@grafx-design.de)
: None
References
BUGTRAQ:
http://seclists.org/lists/bugtraq/2001/May/0156.html
CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2001-0737
BID:
http://www.securityfocus.com/bid/2738/
Released: 2001-05-16
Submitter
Andrew
Lockhart
(alockhart@networkchemistry.com)
: Network Chemistry
Submitted: Fri Nov 04 15:57:49 -0800 2005
Candidate Date: Fri Nov 04 15:59:08 -0800 2005
