Hughes: Updating Logitech Hardware on Linux
Hughes: Updating Logitech Hardware on Linux
Richard Hughes describes
his work to address the MouseJack
vulnerability in Logitech (and other) receivers. This vulnerability allows an
attacker to pair new devices with the receiver with no user interaction or
awareness, and, thus, take over the machine. "This makes
sitting in a café quite a dangerous thing to do when any affected hardware
is inserted, which for the unifying dongle is quite likely as it’s
explicitly designed to remain in an empty USB socket.
"
Logitech has provided firmware updates, but not for "unsupported" platforms like Linux. Hughes has filled that gap by getting documentation and a fixed firmware image from Logitech and adding support for these devices to fwupd. He is now looking for testers to ensure that the whole thing works across all devices. This is important work that is well worth supporting.