Taking control through keystroke injection possible via Fujitsu keyboard

News by Doug Olenick

A German security researcher has discovered and released information on a flaw in an otherwise secure wireless keyboard that could allow an attacker to inject keystrokes and take over a computer.

A German security researcher has discovered and released information on a flaw in an otherwise secure wireless keyboard that could allow an attacker to inject keystrokes and take over a computer.

Mathias Deeg with SySS in October found a flaw, CVE-2019-9835, in Fujitsu’s Wireless Keyboard Set LX901’s receiver that allows it to receive an act upon keystroke information coming from an unauthorised keyboard. Deeg discovered that while the LX901’s keyboard and USB dongle communicate in a secure fashion using 128 AES encryption, the dongle is also able to receive and process unencrypted keyboard data packets that are sent in the correct format.

"Thus, an attacker is able to send arbitrary keystrokes to a victim’s computer system. In this way, an attacker can remotely take control over the victim’s computer that is operated with an affected Fujitsu LX901 wireless desktop set," Deeg wrote in an advisory, adding that when this activity is combined with an earlier vulnerability disclosed in 2016 a keystroke injection attack allows to remotely attack computer systems with an active screen lock, for example in order to install malware when the target system is unattended, Deeg said.

SySS reported that it successfully completed a proof of concept of the attack and performed a keystroke injection attack against the keyboard.

SySS informed Fujitsu of the problem in October 2018 and while the two companies have exchanged information concerning the vulnerabilitiy a patch has not been issued and SySS said it is not aware of any other solution that could rectify the problem.

This article was originally published on SC Media US.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews

Interview - Everyone has an Achilles heel: The new security paradigm

How can we defend networks now that the perimeter has all but disappeared?
Brought to you in partnership with ExtraHop