Fujitsu wireless keyboards are vulnerable to keystroke injection attacks

• Fujitsu LX901 wireless keyboard sets are vulnerable to keystroke injection attacks due to ‘an insecure implementation of the data communication’.
• Keystroke injection attack allows attackers to compromise computers that are operated with a vulnerable Fujitsu LX901 keyboard set and remotely take control of the compromised system.

What is the issue - A German pen-testing firm named SySS GmbH disclosed that Fujitsu LX901 wireless keyboard sets consisting of a wireless mouse and wireless keyboard are vulnerable to keystroke injection attacks.

Why it matters - Keystroke injection attack allows attackers to compromise computers that are operated with a vulnerable Fujitsu LX901 keyboard set and remotely take control of the compromised system.

What is the root cause - Fujitsu LX901 wireless keyboard sets are vulnerable to keystroke attacks due to ‘an insecure implementation of the data communication’.

More details on the vulnerability

• The wireless keyboard sets are prone to keystroke injections by sending unencrypted data packets with the correct pack format to the wireless keyboard set’s receiver, the USB dongle.
• The receiver of the Fujitsu wireless keyboard set not only processes the data packets with the correct format but also the unencrypted data packets.
• This way, attackers could send arbitrary keystrokes to a victim's computers that are operated with a vulnerable Fujitsu LX901 keyboard set and remotely take control of the compromised system.

“However, the receiver (a.k.a. bridge) of the Fujitsu wireless keyboard set not only processes keyboard data packets encrypted with the correct shared AES key contained in the keyboard and bridge firmware, but also unencrypted data packets with the data packet format described in the CY4672 PRoC LP Reference Design Kit by Cypress Semiconductor,” SySS GmbH said in an advisory.

Worth noting

SySS GmbH reported the vulnerability to Fujitsu on October 19, 2019. Fujitsu confirmed the receipt of security advisory and asked for more details on the vulnerability. However, the firm has not released any patches to fix the vulnerability.

“In my communication with Fujitsu regarding the keystroke injection vulnerability, I did not receive any feedback regarding a patch for this security issue. Chances for a firmware patch are really slim,” Matthias Deeg, a security researcher at SySS GmbH told ZDNet.

“I do not recommend using this vulnerable keyboard in an environment with higher security demands. And I would advise not using it in exposed places where external attackers may come easily in the 2.4 GHz radio communication range of the wireless keyboard,” Deeg added. The security researcher also published a demo video on YouTube.