The Fujitsu LX901, a wireless keyboard and mouse, is susceptible to keystroke injection, the German company SySS reveals today. The vulnerability makes it possible to transmit radio signals to the receiver (a USB dongle) of the keyboard. Those signals allow attackers to inject fake keystrokes.
That’s what SySS researcher Matthias Deeg writes in a blog post today. He contacted Fujitsu, which has not released a patch to date. It seems unlikely that there will be a patch at all, which will leave Fujitsu’s devices vulnerable. In theory, it should be possible for attackers to place malware on a device that contains the USB dongle.
Deeg first establishes that the data sent from the keyboard to the USB dongle is properly encrypted. The two components together are therefore well secured. But the USB dongle contains a significant vulnerability. The dongle not only receives encrypted communication from the keyboard, but also accepts unencrypted data packets. If those packets are in the same format as the rest of the communication, the dongle processes them as if they were normal keystrokes.
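The flaw described above, reduced to a constructed model (an added example, not SySS or Fujitsu code): a receiver that verifies secured frames but also accepts unsecured ones, next to a receiver that fails closed. The frame layout, key and function names are assumptions, and an HMAC tag stands in for the keyboard's encryption.

```python
import hashlib
import hmac
import struct

# Constructed frame layout (assumption, not the LX901 protocol):
#   1 byte frame type | 1 byte HID keycode | 16 byte tag (secured frames only)
TYPE_SECURED, TYPE_PLAIN = 0x01, 0x02
HEADER_LEN, TAG_LEN = 2, 16
PAIRING_KEY = b"constructed-pairing-key"  # hypothetical key shared at pairing


def _tag(key, header):
    return hmac.new(key, header, hashlib.sha256).digest()[:TAG_LEN]


def make_secured_frame(key, keycode):
    """Frame as the paired keyboard would send it: header plus tag."""
    header = struct.pack(">BB", TYPE_SECURED, keycode)
    return header + _tag(key, header)


def make_plain_frame(keycode):
    """Same header without a tag; building it needs no key at all."""
    return struct.pack(">BB", TYPE_PLAIN, keycode)


def receive_fail_open(key, frame):
    """Flawed receiver: checks secured frames, passes plain ones through."""
    if len(frame) < HEADER_LEN:
        return None
    ftype, keycode = struct.unpack(">BB", frame[:HEADER_LEN])
    if ftype == TYPE_SECURED:
        ok = hmac.compare_digest(_tag(key, frame[:HEADER_LEN]), frame[HEADER_LEN:])
        return keycode if ok else None
    return keycode  # unsecured frame is treated as a normal keystroke


def receive_fail_closed(key, frame):
    """Hardened receiver: only a frame with a valid tag yields a keystroke."""
    if len(frame) != HEADER_LEN + TAG_LEN or frame[0] != TYPE_SECURED:
        return None
    ok = hmac.compare_digest(_tag(key, frame[:HEADER_LEN]), frame[HEADER_LEN:])
    return frame[1] if ok else None
```

Strong protection on the keyboard's own traffic does not help if the receiver keeps a second, unprotected path to the same keystroke handler; the hardened variant has no such path.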
According to Deeg, this keystroke injection, combined with an older vulnerability he found in 2016, can have major consequences. As a result, even computer systems with an active screen lock may be vulnerable. In theory, it should be possible for an attacker to place malware.
Deeg tells ZDNet that he approached Fujitsu in October 2018 about the vulnerability. However, since 30 October, he has not heard from the company. "During my conversations with Fujitsu about the keystroke injection vulnerability, I did not receive any feedback on a patch for this security problem," says Deeg. It therefore seems unlikely that this patch will be introduced. According to Deeg, the vulnerability he reported in 2016 hasn’t been solved either. According to Fujitsu, this was not necessary at the time because the attacks were not easy to carry out under normal circumstances. But in a video, Deeg demonstrates that it doesn’t have to be too complicated.
Deeg states that in an environment with high security requirements it is better to choose a different keyboard. In his opinion, it would be best if companies also set policies about where they allow wireless keyboards. He also thinks that not only the Fujitsu LX901 keyboard and mouse are vulnerable, but that this also applies to other LX models. This has not yet been tested, but the other LX devices use the same communication protocol as the LX901. It is therefore highly likely that these devices also have this vulnerability.

This news article was automatically translated from Dutch to give Techzine.eu a head start.