A German security researcher has discovered and released information on a flaw in an otherwise secure wireless keyboard that could allow an attacker to inject keystrokes and take over a computer.
Mathias Deeg with SySS in October found a flaw, CVE-2019-9835, in Fujitsu’s Wireless Keyboard Set LX901’s receiver that allows it to receive an act upon keystroke information coming from an unauthorized keyboard. Deeg discovered that while the LX901’s keyboard and USB dongle communicate in a secure fashion using 128 AES encryption, the dongle is also able to receive can process unencrypted keyboard data packets that are sent in the correct format.
“Thus, an attacker is able to send arbitrary keystrokes to a victim’s computer system. In this way, an attacker can remotely take control over the victim’s computer that is operated with an affected Fujitsu LX901 wireless desktop set,” Deeg wrote in an advisory, adding that when this activity is combined with an earlier vulnerability disclosed n 2016 a keystroke injection attack allows to remotely attack computer systems with an active screen lock, for example in order to install malware when the target system is unattended, Deeg said.
SySS reported that it successfully completed a proof of concept of the attack and performed a keystroke injection attack against the keyboard.
SySS informed Fujitsu of the problem in October 2018 and while the two companies have exchanged information concerning the vulnerabilitiy a patch has not been issued and SySS said it is not aware of any other solution that could rectify the problem.