Fujitsu wireless keyboards were recently found to be vulnerable to keystroke injection attacks. SySS GmbH, a German pen-testing firm, disclosed that Fujitsu LX901 wireless keyboard sets, which consist of a wireless mouse and a wireless keyboard, are vulnerable to keystroke injection due to ‘an insecure implementation of the data communication’. The firm's security researcher revealed that one model of Fujitsu wireless keyboard will accept unauthenticated input, despite the presence of AES-128 encryption.
Matthias Deeg discovered that the LX901 would respond to unencrypted but correctly formatted keystroke commands broadcast nearby. The set is normally shipped as a keyboard, mouse and receiver combination. “The Fujitsu wireless keyboard itself only transmits keystrokes via AES-encrypted data packets with a payload size of 16 bytes using the 2.4GHz transceiver CYRF6936 from Cypress Semiconductor,” Deeg wrote in an advisory about the flaw.
A keystroke injection attack allows attackers to compromise computers that are operated with a vulnerable Fujitsu LX901 keyboard set and remotely take control of the compromised system. The sets are prone to keystroke injection because unencrypted data packets with the correct packet format, sent to the set’s receiver (the USB dongle), are accepted as keystrokes.
“Thus, an attacker is able to send arbitrary keystrokes to a victim’s computer system. In this way, an attacker can remotely take control over the victim’s computer that is operated with an affected Fujitsu LX901 wireless desktop set,” Deeg wrote in an advisory. He added that, when combined with an earlier vulnerability disclosed in 2016, a keystroke injection attack makes it possible to remotely attack computer systems with an active screen lock, for example in order to install malware when the target system is unattended.
The receiver of the Fujitsu wireless keyboard set processes not only the encrypted data packets sent by the keyboard but also unencrypted data packets that have the correct format. This way, attackers could send arbitrary keystrokes to a victim’s computer that is operated with a vulnerable Fujitsu LX901 keyboard set and remotely take control of the compromised system.
“However, the receiver (a.k.a. bridge) of the Fujitsu wireless keyboard set not only processes keyboard data packets encrypted with the correct shared AES key contained in the keyboard and bridge firmware, but also unencrypted data packets with the data packet format described in the CY4672 PRoC LP Reference Design Kit by Cypress Semiconductor,” SySS GmbH said in an advisory.
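The acceptance flaw described above, modelled as an added example (not code from SySS, Fujitsu or Cypress): a receiver that also honours correctly formatted plaintext frames, next to one that only acts on frames proving knowledge of the shared key. The frame layout, the function names and the key are constructed for illustration, and a truncated HMAC-SHA256 tag stands in for the device's AES-128 protection because Python's standard library has no AES.

```python
import hashlib
import hmac
import struct

# Constructed frame layout for this model (NOT the Cypress or Fujitsu format):
#   protected: type 0x02 | keycode | 8-byte tag over (type | keycode)
#   plaintext: type 0x01 | keycode
T_PLAIN, T_PROTECTED, TAG_LEN = 0x01, 0x02, 8


def _tag(key: bytes, body: bytes) -> bytes:
    """Truncated HMAC-SHA256, a stand-in for the keyboard's AES protection."""
    return hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]


def protected_frame(key: bytes, keycode: int) -> bytes:
    """What the paired keyboard sends: only a key holder can build the tag."""
    body = struct.pack("BB", T_PROTECTED, keycode)
    return body + _tag(key, body)


def plain_frame(keycode: int) -> bytes:
    """A correctly formatted frame that requires no key at all."""
    return struct.pack("BB", T_PLAIN, keycode)


def receive(key: bytes, frame: bytes, allow_plain: bool):
    """Return (keycode or None, reason); allow_plain=True models the flawed receiver."""
    if len(frame) < 2:
        return None, "malformed"
    ftype, keycode = frame[0], frame[1]
    if ftype == T_PROTECTED:
        if len(frame) != 2 + TAG_LEN:
            return None, "malformed"
        if not hmac.compare_digest(_tag(key, frame[:2]), frame[2:]):
            return None, "bad-tag"
        return keycode, "authenticated"
    if ftype == T_PLAIN:
        if len(frame) != 2:
            return None, "malformed"
        if allow_plain:
            return keycode, "unauthenticated"  # the path the advisory describes
        return None, "rejected-unprotected"
    return None, "unknown-type"


KEY = bytes(range(16))  # constructed 128-bit key for the demo
```

With `allow_plain=False` the legitimate keyboard's frames are still accepted, so closing the plaintext path costs nothing in functionality; the reason string is what a receiver or host driver would log.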
SySS GmbH reported the vulnerability to Fujitsu on October 19, 2018. Fujitsu confirmed receipt of the security advisory and asked for more details on the vulnerability. However, the firm has not released any patches to fix the vulnerability. “In my communication with Fujitsu regarding the keystroke injection vulnerability, I did not receive any feedback regarding a patch for this security issue. Chances for a firmware patch are really slim,” Matthias Deeg, a security researcher at SySS GmbH, told ZDNet.
“I do not recommend using this vulnerable keyboard in an environment with higher security demands. And I would advise not using it in exposed places where external attackers may come easily in the 2.4 GHz radio communication range of the wireless keyboard,” Deeg added. The security researcher also published a demo video on YouTube.
Deeg said he first notified Fujitsu in late 2018, giving them 45 days to respond.