You need to update your Logitech wireless dongle to avoid falling victim to MouseJack hacking

Logitech Unifying Reciever

If the word MouseJack seems familiar, it's because it as been around for a while. It is a remote access hack that emerged a few years back that took advantage of a vulnerability in some Logitech wireless dongles, as well as hardware from other manufacturers.

Being at least three years old, you would expect that patches would have been addressed -- and they were. But a large number of devices are still at risk because Logitech failed to recall the affect units that were on sale so there's a chance that if you bought a Logitech wireless keyboard, mouse or standalone dongle in the last few years, you could be at risk.

Using the MouseJack exploit, it is possible for a hacker to do a number of things, including sending keystrokes to a vulnerable machine and forcing the pairing of new devices without the need for the dongle to be in pairing mode.

Of course, once the problem was discovered, Logitech started to release updated dongles to the market that were secured against the vulnerability. But this still left a huge number of devices for sale that were problematic. Even mice bought recently could still pose a risk.

Speaking to the Verge, Logitech explains:

Logitech evaluated the risk to businesses and to consumers, and did not initiate a recall of products or components already in the market and supply chain. We made the firmware update available to any customers that were particularly concerned, and implemented changes in products produced later.

Logitech released a fix quite some time ago, but it's entirely possible that you have not installed it as you need to look for it yourself. If you head to the Logitech website you'll find firmware updates for the Mac and Windows versions of the Unifying receiver, as well as a separate firmware update for the G900 gaming mouse.

Image credit: MiNe (sfmine79) / Flickr

6 Responses to You need to update your Logitech wireless dongle to avoid falling victim to MouseJack hacking

  1. whatabug says:

    Thanks for that link.

  2. Azmodeus says:

    Damn never heard about that vulnerability. I need to check this ASAP.

  3. fishtail says:

    really? that link's initial thread started "3 years ago" and the G900 download was released in July 2017. I doubt all that addresses MouseJack exploit.
    Please do some fact check.

  4. barely_normal says:

    I think this needs to be given the once over as to how prevalent this will actually be - most non-corporate users will never face this, given the range of the transmission and the density of the usage.

    • SpaceChief says:

      some of the damage incurred is independent of the radio range of the dongle, you seem to be missing the idea and approach of the hack.

      • barely_normal says:

        If you cannot reach it [out of range] you cannot hack it. If it is a matter of an attack vector from within the PC, then that is the cause, and therein lies the problem.

© 1998-2020 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.