Do you use a Logitech wireless mouse or keyboard on your PC or Mac? There’s a good chance your device is vulnerable to the “MouseJack” attack. Devices sold prior to 2016 are vulnerable, but many devices sold afterward are, too.
As Sean Hollister at The Verge reports, the MouseJack attack lets a nearby attacker break into a Logitech USB receiver connected to your computer. They can connect their devices to it and send all the keyboard input they want. Just by sending keyboard input, the attacker could download malware or wipe your PC.
This problem was reported in 2016. To fix it, Logitech rolled out a firmware update. However, Logitech never recalled existing devices offered for sale. Even if you bought a new device in the last few years, it could be vulnerable. This update may not even be offered through Logitech’s standard desktop software for some reason. You may have to go out of your way to find, download, and run it.
To fix the problem, visit this page on Logitech’s website, download the appropriate update, and install it. For Logitech unifying receivers (USB dongles), updates are available for both Windows PCs and Macs. There’s also a separate update to install if you have a Logitech G900 gaming mouse.
If you’re not sure whether you’ve ever installed the firmware update or whether your new receiver came with the new firmware or not, just download the update and try installing it. The updater will let you know if all your devices are up to date.
As Logitech notes, this tool will also update the firmware on some specific vulnerable Logitech wireless keyboards at the same time. Ensure they’re connected while running the updater:
If you have K780 MULTI-DEVICE WIRELESS KEYBOARD, K375s MULTI-DEVICE KEYBOARD, WIRELESS TOUCH KEYBOARD K400 PLUS, MK850 PERFORMANCE or ILLUMINATED LIVING-ROOM KEYBOARD K830 connected with your Unifying receiver, the tool will guide you to update the firmware on the keyboard as well.