Well you know the internet…everything you read is true. Okay, you know me, I doubt many things I read on the internet.
In 2016, security people found another security hole. Can you believe that? It seems like this type of thing pops up on a pretty regular basis. And usually they are the mountain-out-of-a-molehill variety. Less often, in my opinion, there are some very real threats.
Bastille Security found a security hole in wireless dongles produced by the Logitech company. Logitech is one of the most prolific producers of consumer computer/digital electronics. Most of the devices they design are based off of Bluetooth technology. They make earbuds, speakers, computer mice, keyboards, etc. all with Bluetooth connectivity. The mice and keyboards usually have a small dongle which plugs into your USB port on your computer and communicates back and forth between your computer and the connected device(s).
Take a look around your computer. Look at your mouse and see if you see the “Logitech” name on it. I bet you have one or two as do I. I like them too and they have worked well for me over the years. They have a great price point, batteries in mine usually last well over a year and the devices usually last for many years.
Now back to the security issue. If you have a Logitech device with a small dongle plugged into your computer, look at the dongle and see if it has a small orange, six-pointed star-like emblem on it (see below). If it does then you have a Logitech Unifying Wireless Protocol dongle. What is a UWP dongle? It is a dongle which lets up to six compatible Logitech devices, like mice, keyboards, etc. to be linked to the same computer. Also, if you happen to break your mouse or lose your dongle a new mouse or dongle can be relinked to the remaining device. In my experience when I needed a new dongle it was almost as inexpensive and much quicker to buy a new mouse with a dongle.
Basically, the problem is a nefarious individual could take control of your computer through the UWP dongle and get all of your information, passwords, etc. When Logitech was given this information in 2016, they said, “The vulnerabilities would be complex to replicate and would require a hacker to be physically close to a target. It’s therefore an unlikely path of attack.” Logitech decided to release a patch anyway and promoted it a little as they thought it was no big deal. I agree with their assessment but until someone recently rebroadcast this “news” it was and still is a mountain/molehill thing.
Keep in mind that the tests were done in a small and secure area. Remember that to affect a Bluetooth dongle they would have to be really close to you. The hardware design for regular Bluetooth says that it “can” reach approximately 300 feet. But in my reality, it doesn’t stretch much beyond 30-40 feet.
So, the fix is to visit “doubleclicks.info/mouseupdate.” This takes you to the Logitech update tool. Scroll down the page and chose, “You can download a simple updating tool here” click download and install the file named, “SecureDFU_1.0.48.exe.” I did it the other night and it was flawless.
Look below for some of the screens you will get once you start the update.
You may get a step between these two saying you need to update or you do not need to update.
