Logitech Unifying receiver
{{Short description|USB wireless receiver}}
File:Logitech_unifying_receiver.jpg
File:Logitech_Unifying_Receiver_USB.jpg
The Logitech Unifying Receiver is a small dedicated USB wireless receiver, based on the nRF24L-family of RF devices,{{cite web
| title=MouseJack device discovery and research tools
| url=https://github.com/BastilleResearch/mousejack#flash-a-logitech-unifying-dongle
| first=Marc
| last=Newlin
| website=GitHub
| date=2016-08-07
| accessdate=2019-07-25}} that allows up to six compatible Logitech human interface devices (such as mice, trackballs, touchpads, and keyboards; headphones are not compatible) to be linked to the same computer using 2.4 GHz band radio communication. Receivers that are bundled with a Logitech product are paired with the device at the factory. When purchasing a replacement receiver or connecting multiple devices to one receiver, pairing requires the free-of-charge Logitech Unifying software, available for Microsoft Windows and macOS. On Linux, the [https://pwr-solaar.github.io/Solaar/ Solaar software] can be used to adjust the configurations. Although not compatible with Bluetooth, devices pair to Unifying Receivers in a similar way.{{cite web
| last=Gallegos
| first=Gary
| title=Gadgets: The Logitech Unifying Receiver (aka "fake bluetooth")
| url=http://www.gadgetstreet.com/gadgets-the-logitech-unifying-receiver-aka-fake-bluetooth/
| archiveurl=https://web.archive.org/web/20160304073820/http://www.gadgetstreet.com/gadgets-the-logitech-unifying-receiver-aka-fake-bluetooth/
| archivedate=4 March 2016
| url-status=dead}} Peripherals remain paired, and can then be used on systems not supporting the software. Logitech receivers compatible with the Unifying protocol can be identified by the orange Unifying logo, which distinguishes them from Logitech Nano receivers of similar appearance, which pair similarly but only with a single device, without using the Unifying protocol.
Logitech Unifying Receivers (LURs) are often included in wireless Logitech keyboard, mouse, and combo sets, and may be purchased separately. Some Logitech peripherals allow a receiver to be stored inside.{{Cite web|url=https://www.logitech.com/images/pdf/userguides/multi_connect_instructions.pdf|title=Logitech Unifying Multi-Connect Utility Setup Instructions|website=Logitech}}
A newer receiver named "Logitech Bolt" was released in 2021 that promises lower latency but is incompatible with Unifying products.
Compatibility and use
Each peripheral device can pair to one receiver per profile. While most peripherals only store one profile, newer products such as the Logitech MX Master, MX Anywhere series, and M720 Triathlon allow multiple profiles. These devices can be connected to multiple receivers simultaneously. This allows the use of receivers in several computers, e.g., a desktop and a laptop computer, selecting the computer to use by changing profiles on the mouse. This multi-computer function is further augmented by Logitech Flow (software KVM solution) which is similar to Synergy. For devices without multi-computer support, the receiver and input devices can be moved together from one computer to another, maintaining their paired status after being unplugged, as the pairing information is held in the little USB receiver—this is much simpler than transferring the peripheral from one receiver to another by changing the setup in software, and also avoids the limitation to 45 pairings of older devices. This also allows the use of peripherals on computing devices that do not support Unifying Software, e.g. devices supporting USB OTG with operating systems such as Android: first pair to the receiver on a PC or Mac.{{cite web |url=https://community.musictribe.com/t5/Recording/Android-Tablets-and-Logitech-Unifying-Devices/td-p/236993 |title=Android Tablets and Logitech Unifying Devices|website=Music Tribe|date=7 January 2018|author=}}
Some older Unifying devices {{Specify|date=October 2024|reason=Which devices? How old?}} limit the number of allowable pairing changes to a maximum of 45 times. Once the 45th connection is made, it is no longer possible to connect such a device to a different receiver. For users who often switch a Unifying device between multiple PCs or laptops with individual receivers, this connection limit can become an issue. For example, a user who frequently switches a mouse between two receivers (e.g. at work and home) will quickly exhaust the limit of available pairing switches.{{cite web
| title=Limitations on Unifying devices
| url=https://support.logi.com/hc/en-us/articles/360023187214
| archiveurl=https://web.archive.org/web/20190710134058/https://support.logi.com/hc/en-us/articles/360023187214
| archivedate=2019-07-10
| url-status=live
| accessdate=2019-07-25}} Logitech advises customers with this issue to contact their Customer Care. Newer devices can switch pairings an unlimited number of times.
Pairing software is available from Logitech for Microsoft Windows and Mac OS X. Wireless devices using the Unifying Receiver are supported since Linux 3.2.{{cite web
| title=HID: Add full support for Logitech Unifying Receivers
| author=Nestor Lopez Casado
| date=2011-09-15
| url=https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/drivers/hid/hid-logitech-dj.c?id=534a7b8
| work=Linux kernel
| accessdate=2019-07-25}}
Software to manage Unifying devices on Linux is available from third party developers, such as Solaar.{{GitHub|pwr-Solaar/Solaar|Solaar}}
Many companies have made peripherals that connect via USB wireless receivers very similar to Logitech's; Logitech devices are incompatible with many of these "off-brand" receivers{{Citation needed|date=October 2019}}.
There are many different hardware versions of the unifying receiver. The most common is used for daily use, and is marked CU-0007 on the metal jacket. CU-0008 is distributed with gaming devices, and features lower latency.
Security
Several security vulnerabilities of the Logitech Unifying system were reported in 2016 and 2019,{{cite web
| url=https://github.com/mame82/misc/blob/master/logitech_vuln_summary.md
| title=Summary / Overview of known Logitech wireless peripheral vulnerabilities
| author=mame82
| website=GitHub
| date=2019-07-09
| accessdate=2019-07-25}} and patches released.
= MouseJacking and keyjacking =
MouseJacking, first reported by Bastille Networks, Inc., is the sending of malicious radio signals (packets) wirelessly to an unsuspecting user through Logitech Unifying wireless technology. The exploit takes advantage of a user's vulnerable Logitech Unifying Receiver and unencrypted signals within a range of about 100 meters. Possible exploits include:
- Keystroke injection by spoofing either a paired mouse or keyboard
- Forced pairing
== Affected devices and firmware ==
| class="wikitable"
|+Devices !Device !USB ID |
| Unifying receiver
|046d:c52b |
| Unifying receiver
|046d:c539 |
| Logitech Wireless Gaming Mouse G900
|046d:c081 |
| Logitech Wireless Keyboard K360
|046d:4004 |
| Logitech Multi-Device Wireless Keyboard K370s
|046d:4061 |
| Logitech Multi-Device Wireless Keyboard K375s
|046d:4061 |
| Logitech Wireless Touch Keyboard K400r
|046d:400e, 046d:4024 |
| Logitech Wireless Touch Keyboard K400 Plus
|046d:404d |
| Logitech Wireless Solar Keyboard K750
|046d:4002 |
| Logitech Multi-Device Wireless Keyboard K780
|046d:405b |
| Logitech Illuminated Living-Room Keyboard K830
|046d:404c, 046d:4032 |
| Logitech Performance Wireless Keyboard MK850
|046d:4062 |
| Logitech Wireless Mouse M335
| |
| Logitech Zone Touch Mouse T400
|046d:4026 |
| Logitech Wireless Mouse M545
| |
| Logitech Wireless Mouse M560
| |
| Logitech Touch Mouse M600
|046d:401a |
| Logitech Touch Mouse T620
|046d:4027 |
| Logitech Wireless Rechargeable Touchpad T650
|046d:4101 |
| class="wikitable"
|+RQR12 Firmware !Firmware Version !Vulnerabilities |
| 012.001.00019
|Affected by Bastille security issues #1, #2, #3{{cite web | url=https://www.bastille.net/research/vulnerabilities/mousejack/affected-devices | title=MouseJack Affected Devices | publisher=Bastille Networks | accessdate=2019-07-25}}{{cite web | url=https://github.com/Logitech/fw_updates/blob/master/RQR12/RQR12.08/RQR12.08_B0030.txt | title=RQR12.08 Build 0030 | first=Marc | last=Viredaz | website=GitHub | date=2017-12-22 | accessdate=2019-07-25}} |
| 012.003.00025 |
| <012.005.00028 |
| 012.005.00028 |
| 012.007.00029 |
| class="wikitable"
|+RQR24 Firmware !Firmware Version !Vulnerabilities |
| <024.003.00027
|Affected by Bastille security issue #2, #3, #11, #13{{cite web | url=https://github.com/Logitech/fw_updates/blob/master/RQR24/RQR24.06/RQR24.06_B0030.txt | title=RQR24.06 Build 0030 | first=Marc | last=Viredaz | website=GitHub | date=2017-12-22 | accessdate=2019-07-25}} |
| 024.003.00027 |
| 024.005.00029 |
== Firmware not affected ==
| class="wikitable"
|+RQR12 Firmware !Firmware Version !Notes |
| 012.008.00030
| |
| 012.009.00030
|Identical to 012.008.00030 but DFU signed{{cite web | url=https://github.com/Logitech/fw_updates/blob/master/RQR12/RQR12.09/RQR12.09_B0030.txt | title=RQR12.09 Build 0030 | first=Marc | last=Viredaz | website=GitHub | date=2017-12-22 | accessdate=2019-07-25}} |
| class="wikitable"
|+RQR24 Firmware !Firmware Version !Notes |
| 024.006.00030
| |
| 024.007.00030
|Identical to 024.006.00030 but DFU signed{{cite web | url=https://github.com/Logitech/fw_updates/blob/master/RQR24/RQR24.07/RQR24.07_B0030.txt | title=RQR24.07 Build 0030 | first=Marc | last=Viredaz | website=GitHub | date=2017-12-22 | accessdate=2019-07-25}} |
== Response ==
Logitech has released Unifying receiver firmware updates as new exploits were reported.{{cite web
| url=https://support.logi.com/hc/en-001/community/posts/360032078393-Logitech-Response-to-Research-Findings
| title=Logitech Response to Research Findings
| date=2016-07-28
| author=LogiLaurie
| archiveurl=https://web.archive.org/web/20190709233137/https://support.logi.com/hc/en-001/community/posts/360032078393-Logitech-Response-to-Research-Findings
| archivedate=2019-07-09
| url-status=live
Linux users can use fwupd to flash an updated firmware. It will automatically detect available updates for any connected unifying receivers and many other firmware updatable devices. An outdated alternative is MouseJack.
Flashing on a Linux/UNIX host via a hypervisor such as VirtualBox along with a Windows virtual guest image and the Windows Logitech update executable is also possible. If using a Windows virtual guest, it is recommended to have a second available pointing device while the dongle is being updated. The second pointing device may be needed to allow the user to select and enable pass through of the unifying receiver via the hypervisor task bar after executing the firmware updater so that the device is found and updated.
Updating the Unifying receiver firmware to versions RQR12.08 or greater and RQR24.06 or greater can limit some functionality of certain paired devices unless the devices' firmware is also updated.
= Other vulnerabilities =
On July 9, 2019 another set of vulnerabilities was disclosed and documented by a different researcher. A firmware update for Unifying receivers addressing the "Encryption Key Extraction Through USB" vulnerability (CVE-2019-13054/55) was released on 28 August 2019. Some users reported in 2019 that some Unifying devices were still being sold that were vulnerable to the original 2016 MouseJacking attack.{{Cite web|url=https://www.theverge.com/2019/7/14/20692471/logitech-mousejack-wireless-usb-receiver-vulnerable-hack-hijack|title=Why you should really, really update your Logitech wireless dongle|last=Hollister|first=Sean|date=2019-07-14|website=The Verge|language=en|access-date=2020-01-02}}
See also
References
{{Reflist}}
External links
- [https://www.logitech.com/en-us/resource-center/what-is-unifying.html Logitech Unifying Software]
{{Logitech}}