[G3D]Vulnerability: Logitech Options users should uninstall immediately - Overclock.net - An Overclocking Community

Forum Jump: 

[G3D]Vulnerability: Logitech Options users should uninstall immediately

Reply
 
Thread Tools
post #1 of 11 (permalink) Old 12-15-2018, 08:52 PM - Thread Starter
Performance is the bible
 
Join Date: Apr 2009
Posts: 6,537
Rep: 432 (Unique: 298)
[G3D]Vulnerability: Logitech Options users should uninstall immediately

source
Quote:
Attackers could exploit this issue by sending simulated keystrokes from any website and thus execute pretty much anything on affected systems.
...
starts when Windows starts and then also opens the vulnerable port on which a websockets service runs. Websites can communicate directly with the websockets service and because there is no authentication, it will accept any command it receives. Even worse, the software also doesn’t check where the commands originate from, which means it will accept any commands from any website.
...
Update: Logitech is now offering an updated version of their Options software that fixes the vulnerabiity.
If you are using that logitech software, either update asap, or uninstall asap.


Defoler is offline  
Sponsored Links
Advertisement
 
post #2 of 11 (permalink) Old 12-15-2018, 11:54 PM
Robotic Chemist
 
Asmodian's Avatar
 
Join Date: Aug 2009
Location: San Jose, California
Posts: 2,382
Rep: 176 (Unique: 116)
Curious, this is the software for their normal productivity peripherals, not their Gaming Software. I was expecting it to be the gaming software because it has remote connectivity features. This kind of flaw is only possible when the developer is not thinking of security at all and is one of those obvious security issues that Google’s Project Zero is ideal for. How many of these never go public because the company manages to release a patch insides Google's 90 day window?
Asmodian is offline  
post #3 of 11 (permalink) Old 12-16-2018, 02:58 AM
New to Overclock.net
 
Join Date: Jun 2008
Location: Wilts, U.K.
Posts: 3,499
Rep: 451 (Unique: 383)
I guess he looked at their gaming software for the same thing once he found this vulnerability? Let hope so.


Darren9 is offline  
Sponsored Links
Advertisement
 
post #4 of 11 (permalink) Old 12-17-2018, 10:56 AM
✾ ✿ ❀ ❁
 
Alex132's Avatar
 
Join Date: Dec 2009
Posts: 8,225
Rep: 335 (Unique: 271)
Quote: Originally Posted by Darren9 View Post
I guess he looked at their gaming software for the same thing once he found this vulnerability? Let hope so.
It would have obviously been checked too, and because it is not included in this article nor mentioned we can safely assume it does not have this vulnerability.

| This Cannot Continue | We Are Become As Gods | This Cannot Continue |

Vehicles:
Current: None.
Ex: '07 Fiat Palio, '07 Honda Accord Type-S
Illya
(26 items)
Yuki
(23 items)
CPU
Intel i9 9900K @ 5.2Ghz
Motherboard
Gigabyte Aorus Master
GPU
EVGA 1080 Ti FTW3
RAM
G.Skill Trident Z 32GB 4000Mhz
Hard Drive
Samsung 970 Pro 512GB
Hard Drive
Samsung 850 Evo 1TB
Hard Drive
WD Red 8TB
Power Supply
Seasonic Prime Titanium 850W
Cooling
EK Velocity CPU Block
Cooling
EK 1080 Ti FTW3 GPU Block
Cooling
HardwareLabs GTX420
Cooling
HardwareLabs GTS280
Cooling
HardwareLabs GTS140
Cooling
EK D5 140 Glass Pump/res
Case
Phanteks Evolv X
Operating System
Windows 10 Pro
Monitor
Asus ROG Swift PG279Q 165Hz 1440p
Monitor
I-INC 1920x1200 TN 27"
Keyboard
Ducky One 2 Midnight
Mouse
Logitech G502
Mousepad
CoolerMaster Swift-RX XL
Audio
Sennhesier HD650
Audio
Schiit Jotunheim Amp/DAC
Audio
Samson C01U Microphone
Audio
Edifier R1700BT
Other
Oculus Rift
CPU
Intel 2500K 5Ghz
Motherboard
ASUS P8P67 Pro
GPU
EVGA 1080 Ti FTW3
RAM
G.Skill RipJaws X 2133Mhz 16GB
Hard Drive
120GB Corsair Neutron GTX
Hard Drive
Samsung 850 Evo 1TB
Hard Drive
WD Red 8TB
Power Supply
EVGA G3 850W
Cooling
Hyper 212
Cooling
EK Vardar fans
Case
Corsair 270R w/TG mod
Operating System
Windows 10
Monitor
Asus ROG Swift PG279Q
Monitor
I-Inc 1200p
Keyboard
Razer BlackWidow 2013
Mouse
Logitech G502 Proteus Spectrum
Mousepad
CoolerMaster Swift-RX XL
Audio
Sennheiser HD650
Audio
Schiit Jotunheim Balanced DAC + Amp
Audio
Edifier R1700BT Speakers
Audio
Samson C01U Microphone
Other
Oculus Rift
Other
PS4 Controller
▲ hide details ▲


Alex132 is offline  
post #5 of 11 (permalink) Old 12-17-2018, 11:22 AM
It Just Works
 
TFL Replica's Avatar
 
Join Date: Oct 2008
Posts: 14,850
In the case of the gaming software (which I know is not mentioned here), you can usually save your preferences (DPI steps, LED color, etc.) on the device and just remove the application from startup.


TFL Replica is offline  
post #6 of 11 (permalink) Old 12-17-2018, 02:21 PM
Overclocker
 
JackCY's Avatar
 
Join Date: Jun 2014
Posts: 8,701
Rep: 284 (Unique: 209)
Quote: Originally Posted by TFL Replica View Post
In the case of the gaming software (which I know is not mentioned here), you can usually save your preferences (DPI steps, LED color, etc.) on the device and just remove the application from startup.
You can save some but not everything a process still needs to be running to support per application profiles as a process has to check what process has focus to decide what profile to switch to.

As far as connecting to your machine's open port well good luck as many machines are behind multiple NATs and connecting to them through the jungle of your ISP is a miracle or even a paid feature outright so people have to pay more for a public IP so they can be a server at all that others can connect to. Sure can be worked around with tunneling and having an online server you're already connected to.

On top of that why not use a firewall on your machine and on your home network on top of your ISP probably having various protections as well but those at home you can configure and block connections if you're on public IP that anyone can connect to. Open port from some crap app, who cares when it's blocked by firewalls anyway.
JackCY is offline  
post #7 of 11 (permalink) Old 12-17-2018, 02:52 PM
mfw
 
ToTheSun!'s Avatar
 
Join Date: Jul 2011
Location: Terra
Posts: 6,113
Rep: 360 (Unique: 189)
Quote: Originally Posted by TFL Replica View Post
In the case of the gaming software (which I know is not mentioned here), you can usually save your preferences (DPI steps, LED color, etc.) on the device and just remove the application from startup.
That's not the case with Logitech Options, at least with my MX Master at work. The changes from default only apply when the process is running in the background.

CPU
Intel 6700K
Motherboard
Asus Z170i
GPU
MSI 2080 Sea Hawk X
RAM
G.skill Trident Z 3200CL14 8+8
Hard Drive
Samsung 850 EVO 1TB
Hard Drive
Crucial M4 256GB
Power Supply
Corsair SF600
Cooling
Noctua NH C14S
Case
Fractal Design Core 500
Operating System
Windows 10 Education
Monitor
ViewSonic XG2703-GS
Keyboard
Cooler Master Quickfire TK
Mouse
Corepadded Logitech G703
Mousepad
Cooler Master MP510
Audio
Fiio E17K v1.0 + Beyerdynamic DT 1990 PRO (B pads)
▲ hide details ▲
ToTheSun! is offline  
post #8 of 11 (permalink) Old 12-17-2018, 02:58 PM
Overclocker in training
 
ThrashZone's Avatar
 
Join Date: Apr 2017
Posts: 5,607
Rep: 39 (Unique: 31)
Hi,
Not sure what this is supposed to do but I can say it does nothing for a G910 keyboard lol probably nothing for G710+ either.

Vaper
(4 items)
CPU
i9-7900x With evo and koolance vrm water blocks
Motherboard
ASUS x299 TUF Mark 2
GPU
Titan Xp with copper Water Block
RAM
Trident Z 3600C16 4x8gb's
Hard Drive
Samsung 850 Pro 256gb for os and 500gb evo for favorite games plus other wd hdd's for data and backup's
Optical Drive
LG Blu-Ray WH16NS40
Power Supply
evga 1200P2
Cooling
2-280GTX Black Ice Nemesis rads with D5 pump-res combo and D5 top before and after rads.
Case
corsair 450D with added 2nd floor to house radiator on top
Operating System
Win-7 pro & 10 pro Win-7 Primary os.
Monitor
ASUS VG248QE 24" 144Hz
Keyboard
Logitech G910 Orion spectrum
Mouse
redragon
CPU
i7-5930k with evo and koolance vrm water blocks
Motherboard
X99 Sabertooth
GPU
EVGA 1080ti FTW3 with Water block
RAM
Trident-Z 3200C14 4x8gb's
Hard Drive
Samsung 850 Pro 256gb for os and 500gb evo for favorite games plus other wd hdd's for data and backup's
Power Supply
EVGA 1000w P2
Cooling
2-240 GTX Black Ice Nemesis rads/ D5 pump-res combo and D5 top before and after rads.
Case
Corsair 450D with added 2nd floor to house radiator on top
Operating System
Win-7 and 10 pro Win-7 Primary os.
Monitor
AOC G2460PG 24"G-Sync 144Hz
Mouse
Red Dragon
Hard Drive
eLeaf MELO-3 4ml
Power Supply
SE US18650VTC6 3120mAh 30A 3.6V 18650 Li-ion Battery - GREENx4
Case
SMOK Alien 220w
Operating System
VapeWild RazzleBerry 50-50-3mg
▲ hide details ▲
ThrashZone is offline  
post #9 of 11 (permalink) Old 12-17-2018, 04:49 PM
- Insanity Beckons -
 
Elrick's Avatar
 
Join Date: Apr 2013
Posts: 3,711
Rep: 169 (Unique: 86)
Quote: Originally Posted by ToTheSun! View Post
That's not the case with Logitech Options, at least with my MX Master at work. The changes from default only apply when the process is running in the background.
Also need their LGS to be running, so that my custom settings on any G810 keyboard can be remembered and used in real time.

Odd that they have started seeing the Razer idea in forcing their bloatware onto certain products. Maybe this will be the new norm for this company.
Elrick is offline  
post #10 of 11 (permalink) Old 12-18-2018, 05:23 AM
Overclocker
 
JackCY's Avatar
 
Join Date: Jun 2014
Posts: 8,701
Rep: 284 (Unique: 209)
You can switch LGS on "gaming" mice to be either mouse memory only or have custom per application profiles and then you need LGS running.

As far as I can see this thread is about a different Logitech software not about LGS. Plus you should not have your network configured so that anyone can connect to your PC to begin with, making the issue exploitable rather LAN if even that only. Guess someone bored at work could have "a little fun" with it.

I think the norm now is that these bloatware software's mine crypto for the manufacturer's profit, at least Razer, ASUS, ...? who else?
JackCY is offline  
Reply

Quick Reply
Message:
Options

Register Now

In order to be able to post messages on the Overclock.net - An Overclocking Community forums, you must first register.
Please enter your desired user name, your email address and other required details in the form below.
User Name:
If you do not want to register, fill this field only and the name will be used as user name for your post.
Password
Please enter a password for your user account. Note that passwords are case-sensitive.
Password:
Confirm Password:
Email Address
Please enter a valid email address for yourself.
Email Address:

Log-in



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Show Printable Version Show Printable Version
Email this Page Email this Page


Forum Jump: 

Posting Rules  
You may post new threads
You may post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off