Logitech mice, keyboards could be vulnerable to "MouseJack".

An old flaw in the USB Unifying Receiver dongles of Logitech's wireless mouse and keyboard may allow hackers to take control of these mice and keyboards – and thus, ultimately, a computer.

The flaw was discovered in 2016 and named "MouseJack". It can allow an attacker to intercept the wireless signal between a Logitech mouse or keyboard and the Unifying USB receiver dongle to which it connects at a maximum distance of 100 meters, said Bastille, a security consulting firm. wireless. The flaw does not affect accessories connected via Bluetooth.

To intercept this signal, a hacker would need his own wireless transmitter, like the one shown here, which can easily be purchased online for cheap.

In 2016, CNET's Sean Hollister (now at The Verge) explained how the MouseJack flaw allowed security researchers to introduce it into his laptop during a demonstration. "They broke in as if nothing had happened – they could have erased my hard drive, stolen files, or just about anything you could do with a computer," Hollister said.

Logitech released a fix in 2016 when the flaw was discovered. But what is crucial is that the patch does not have – and can not – access Logitech accessories that are still in their packaging, on store shelves. After all, they were not yet connected to the Internet,

Speaking in front of Hollister at The Verge, a security researcher from Bastille announced that he had recently purchased a Logitech M510 mouse, released in 2010 and shipped with an unpatched dongle.

Logitech confirmed to The Verge that the company had not recalled products in transit, in stores or anywhere in the world at that time, and that it had updated the patch for customers to install it. themselves. This means that anyone buying a Logitech device manufactured before Bastille's initial report might find it vulnerable.

However, the company also indicated to Verge that the necessary modifications had been made to the products manufactured after the discovery of the fault.

Fortunately, the solution is simple. Logitech has a support page on which a user can download and install the patch for Windows and macOS devices. So, if you own a Logitech wireless mouse or keyboard, make sure you are up to date.

We have contacted Logitech for an additional comment and we will update it if we have an answer.