There are slim opportunities for Fujitsu to release a patch.
Fujitsu LX wireless keyboards are sensitive to injection keystrokes, revealed SySS GmbH today. These assaults allow a threatened player to transmit wireless radio signals to the USB dongle receiver and to inject rogue keyboard presses to the computer of the user.
The vulnerability was reported to Fujitsu but no firmware patches were released. The security researcher Matthias Deeg said the vulnerability was not caused by a keyboard and USB recipient with weak cryptography in a report published today. The two components actually work via a secured communication channel.
The flaw lies instead with the USB receiver alone, which in addition to accepting the encrypted communications on the keyboard also takes unencrypted data packets using the demo design kit described by Fujitsu devs on the USB dongle.
In addition, Deeg says that if this attack by a keystroke injection is also combined with an older “replay attack” on Fujitsu’s wireless keyboard in 2016, the threat actor can “remotely attack active screen blocked computers” and plant malware on apparently safe systems. Deeg told Fujitsu in October last year that he reported the flaw but he hasn’t heard from the company since 30 October.
“I have not received any feedback about the patch for this safety issue in my communications with Fujitsu on the key-stroke injection vulnerability,” the researcher told us when we asked if he suggested that a fix could be released in the future even after his public disclosure. Opportunities to a firmware patch are slim. Deeg also said that Fujitsu did not even patch up the vulnerability in 2016, let alone provide the last one with a timeline.
In a reply given at the time and shared by Deeg, the company didn’t prioritize patching the replay attack. “I did not receive feedback about a patch in my communication with Fujitsu about the vulnerability to the keystroke injected,” the researcher told us when asked if Fujitsu had requested that a fix be published in the future even after his public disclosure.
Thank you very much for your information about our wireless keyboard. As we have already pointed out, we believe that the described scenario is not easy to perform under real conditions due to the radio protocol used. As mentioned, our product is not destined to sell security, but convenience in the first place (without the security drawbacks of unencrypted wireless keyboards). Any new information and insights will be incorporated into the already planned successor product.
Opportunities for a firmware patch are slim. Deeg told ZDNet that the vulnerability in 2016 was not even patched, let alone a timeline for the last. The researcher displays a basic radio hardware rig for removing a keystroke injection attack in a demo video published on YouTube by the SySS security researcher.
The radio gear is easily concealed underneath the clothes, as can be seen above, and a threat actor can only inject malware into unattended systems through targeted computers. “I don’t recommend using this vulnerable keyboard in a higher-security environment,” Deeg told.
“And I advise not to use it in exposed locations where external attackers can be found within a wireless keyboard’s 2.4-GHz radio communications range.” “And if I was a company or public authority and didn’t trust people with access, such as employees, contractors or visitors, to my computer systems, I wouldn’t use vulnerable keys as well,” Deeg said.
The researcher also said that companies could best mitigate the use of wireless keys in comprehensive controls. Deeg only tested Fujitsu LX901’s wireless mouse and keyboard set, but he said other models of LX are also most likely affected. “Our other wireless desktop Set Fujitsu Wireless Keyboards LX390 may be using the same 2.4 GHz radio technology and also have keystroke injectors and/or replay vulnerabilities.
I only tested LX901, as my colleague Gerhard Klostermeier and I only tested the LX901 in our previous research project ‘ Mice and Keyboards: Modern Wireless Desktop Sets’
