"Logitech Options" Software Vulnerability Disclosed, Users Should Uninstall Until Fix is Available

Raevenlord · Dec 14, 2018

(Update 1: It seems that Logitech has launched an updated version of their Options software with a fix for the vulnerabiity - but this only happened after the vulnerabiiity became public. You can go on over Logitech's own webpage to download the updated version, which includes the fix in its changelogs, from here. Safe browsing.)

Adding to the critical vulnerability galore that's been coming out of Google's Project Zero, a researcher has demonstrated how an inherent bug in the "Logitech Options" software renders users vulnerable when visiting web pages. Tavis Ormandy, with Google Project Zero, found that Logitech Options opens a local Websocket port that doesn't require authentication for external commands. Attackers could exploit this issue by sending simulated keystrokes from any website - and thus execute pretty much anything on affected systems.

Ormandy reported the issues to Logitech developers in September this year, and although Logitech recognized the problem, it still wasn't fixed in the last software release put out by the company. As part of Google Project Zero's responsible disclosure policy, Logitech was given a 90-day deadline to fix the issue - which they didn't, and hence, the vulnerability has been publicly disclosed. And as such, there's a whole world of potentially malicious hackers with the knowledge to execute this attack in the wild now - just uninstall the software until a fix is available, for your security. It's sure nice to have Options, but those shouldn't be given to hackers.

View at TechPowerUp Main Site

Ed_1 · Dec 14, 2018

https://gadgets.ndtv.com/apps/news/...-allowing-keystroke-injection-attacks-1962615

Raevenlord · Dec 14, 2018

Ed_1 said:
https://gadgets.ndtv.com/apps/news/...-allowing-keystroke-injection-attacks-1962615

Dänke =) Updated the story pointing to the new version.

Mussels · Dec 14, 2018

I've never heard of this software before, despite owning several logitech products :/

TheDeeGee · Dec 14, 2018

Mussels said:
I've never heard of this software before, despite owning several logitech products :/

I think this is what SetPoint used to be?

Mussels · Dec 14, 2018

theres a pretty short list of supported products on the website

32 devices out of their whole range, and most of them non-gamer stuff

newtekie1 · Dec 14, 2018

I wonder if this bug also affects the Logitech Gaming Software, which seems very similar but geared towards most of their "gaming" products...

delshay · Dec 14, 2018

That's odd. I have the MX Master & I just checked my software & it's the old version. I just click on update & it fail to see the new version.

Currently manually downloading & installing. EDIT: Done fixed.

Assimilator · Dec 14, 2018

Mussels said:
I've never heard of this software before, despite owning several logitech products :/

Ditto. Seems that Logitech Gaming Software aka LGS, formerly known as SetPoint, is for their gaming gear and this "Options" is for... everything else?

newtekie1 said:
I wonder if this bug also affects the Logitech Gaming Software, which seems very similar but geared towards most of their "gaming" products...

I would expect so, I mean a lot of the underlying functionality must be identical regardless. That said there's no update for LGS, so maybe not.

newtekie1 · Dec 14, 2018

Assimilator said:
I would expect so, I mean a lot of the underlying functionality must be identical regardless. That said there's no update for LGS, so maybe not.

Of they just haven't gotten around to releasing an update for it, or they don't plan to until a 3rd party confirms the vulnerability exists in LGS too. Heck, it sounds like they weren't planning on even updating Logitech Options but only did so because the vulnerability hit the press...

And the initial vulnerability report only exists because the person actually uses the Logitech Options software, so it isn't likely anyone has even bothered to test LGS.

Edit: Also, as to the update in the original post about the issue being fixed in the latest version. According to the comments on the Google Project Zero vulnerability page, that isn't true. The original person that found the bug says they are going to test the latest version, but hasn't posted back on if the issue still exists. And one user posted saying the vulnerability is still in the latest version of Logitech Options. So there has been no solid confirmation that the latest version fixes the vulnerability. So, I'd still be hesitant about installing Logitech Options.

Makaveli · Dec 15, 2018

I use an MX Master as my work mouse.

I saw it requesting a software update this morning as I had to go into the office for a network issue.

Updated it.

Will have to run a report to see how many people have this software installed on Monday.

R00kie · Dec 16, 2018

Does this apply to the G Hub as well?

eidairaman1 · Dec 16, 2018

Did they steal this from uberoptions?

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

System Name	Ed-PC
Processor	Intel i5-12600k
Motherboard	Asus TUF Z690 PLUS Wifi D4
Cooling	Noctua NH-14S
Memory	Crucial Ballistix DDR4 C16@3600 16GB
Video Card(s)	Nvidia MSI 970
Storage	Samsung 980, 860evo
Case	Lian Li Lancool II mesh Perf
Audio Device(s)	onboard
Power Supply	Corsair RM750x
Software	Win10 Pro 64bit

System Name	The Ryzening
Processor	AMD Ryzen 9 5900X
Motherboard	MSI X570 MAG TOMAHAWK
Cooling	Lian Li Galahad 360mm AIO
Memory	32 GB G.Skill Trident Z F4-3733 (4x 8 GB)
Video Card(s)	Gigabyte RTX 3070 Ti
Storage	Boot: Transcend MTE220S 2TB, Kintson A2000 1TB, Seagate Firewolf Pro 14 TB
Display(s)	Acer Nitro VG270UP (1440p 144 Hz IPS)
Case	Lian Li O11DX Dynamic White
Audio Device(s)	iFi Audio Zen DAC
Power Supply	Seasonic Focus+ 750 W
Mouse	Cooler Master Masterkeys Lite L
Keyboard	Cooler Master Masterkeys Lite L
Software	Windows 10 x64

System Name	Rainbow Sparkles (Power efficient, <350W gaming load)
Processor	Ryzen R7 5800x3D (Undervolted, 4.45GHz all core)
Motherboard	Asus x570-F (BIOS Modded)
Cooling	Alphacool Apex UV - Alphacool Eisblock XPX Aurora + EK Quantum ARGB 3090 w/ active backplate
Memory	2x32GB DDR4 3600 Corsair Vengeance RGB @3866 C18-22-22-22-42 TRFC704 (1.4V Hynix MJR - SoC 1.15V)
Video Card(s)	Galax RTX 3090 SG 24GB: Underclocked to 1700Mhz 0.750v (375W down to 250W))
Storage	2TB WD SN850 NVME + 1TB Sasmsung 970 Pro NVME + 1TB Intel 6000P NVME USB 3.2
Display(s)	Phillips 32 32M1N5800A (4k144), LG 32" (4K60) \| Gigabyte G32QC (2k165) \| Phillips 328m6fjrmb (2K144)
Case	Fractal Design R6
Audio Device(s)	Logitech G560 \| Corsair Void pro RGB \|Blue Yeti mic
Power Supply	Fractal Ion+ 2 860W (Platinum) (This thing is God-tier. Silent and TINY)
Mouse	Logitech G Pro wireless + Steelseries Prisma XL
Keyboard	Razer Huntsman TE ( Sexy white keycaps)
VR HMD	Oculus Rift S + Quest 2
Software	Windows 11 pro x64 (Yes, it's genuinely a good OS) OpenRGB - ditch the branded bloatware!
Benchmark Scores	Nyooom.

System Name	TheDeeGee's PC
Processor	Intel Core i7-11700
Motherboard	ASRock Z590 Steel Legend
Cooling	Noctua NH-D15S
Memory	Crucial Ballistix 3200/C16 32GB
Video Card(s)	Nvidia RTX 4070 Ti 12GB
Storage	Crucial P5 Plus 2TB / Crucial P3 Plus 2TB / Crucial P3 Plus 4TB
Display(s)	EIZO CX240
Case	Lian-Li O11 Dynamic Evo XL / Noctua NF-A12x25 fans
Audio Device(s)	Creative Sound Blaster ZXR / AKG K601 Headphones
Power Supply	Seasonic PRIME Fanless TX-700
Mouse	Logitech G500S
Keyboard	Keychron Q6
Software	Windows 10 Pro 64-Bit
Benchmark Scores	None, as long as my games runs smooth.

"Logitech Options" Software Vulnerability Disclosed, Users Should Uninstall Until Fix is Available

Raevenlord

News Editor

Ed_1

Raevenlord

News Editor

Mussels

Freshwater Moderator

TheDeeGee

Mussels

Freshwater Moderator

newtekie1

Semi-Retired Folder

delshay

Assimilator

newtekie1

Semi-Retired Folder

Makaveli

R00kie

eidairaman1

The Exiled Airman

Processor	Intel Core i7 10850K@5.2GHz
Motherboard	AsRock Z470 Taichi
Cooling	Corsair H115i Pro w/ Noctua NF-A14 Fans
Memory	32GB DDR4-3600
Video Card(s)	RTX 2070 Super
Storage	500GB SX8200 Pro + 8TB with 1TB SSD Cache
Display(s)	Acer Nitro VG280K 4K 28"
Case	Fractal Design Define S
Audio Device(s)	Onboard is good enough for me
Power Supply	eVGA SuperNOVA 1000w G3
Software	Windows 10 Pro x64

System Name	Firelance.
Processor	Threadripper 3960X
Motherboard	ROG Strix TRX40-E Gaming
Cooling	IceGem 360 + 6x Arctic Cooling P12
Memory	8x 16GB Patriot Viper DDR4-3200 CL16
Video Card(s)	MSI GeForce RTX 4060 Ti Ventus 2X OC
Storage	2TB WD SN850X (boot), 4TB Crucial P3 (data)
Display(s)	Dell S3221QS(A) (32" 38x21 60Hz) + 2x AOC Q32E2N (32" 25x14 75Hz)
Case	Enthoo Pro II Server Edition (Closed Panel) + 6 fans
Power Supply	Fractal Design Ion+ 2 Platinum 760W
Mouse	Logitech G604
Keyboard	Razer Pro Type Ultra
Software	Windows 10 Professional x64

System Name	The Expanse
Processor	AMD Ryzen 7 9800X3D
Motherboard	Asus Prime X670E-Pro Wifi BIOS 3222 AGESA PI 1.2.0.3a
Cooling	Corsair H150i Elite LCD XT
Memory	64GB G.SKILL Trident Z5 Neo RGB DDR5 6000 CL 30-40-40-96 1T
Video Card(s)	XFX Radeon RX 7900 XTX Magnetic Air (25.3.1)
Storage	WD SN850X 2TB / Corsair MP600 1TB / Samsung 860Evo 1TB x2 Raid 0 / Asus NAS AS1004T V2 20TB
Display(s)	LG 34GP83A-B 34 Inch 21: 9 UltraGear Curved QHD (3440 x 1440) 1ms Nano IPS 160Hz
Case	Fractal Design Meshify S2
Audio Device(s)	Creative X-Fi + Logitech Z-5500 + HS80 Wireless
Power Supply	Corsair AX850 Titanium
Mouse	Corsair Dark Core RGB SE
Keyboard	Corsair K100
Software	Windows 10 Pro x64 22H2
Benchmark Scores	https://valid.x86.fr/0412jp https://browser.geekbench.com/v6/cpu/11073923

System Name	Main / HTPC
Processor	Ryzen 7 7800X3D / Ryzen 7 2700
Motherboard	Aorus B650M Elite AX/ B450i Aorus Pro Wifi
Cooling	Thermalright Phantom Spirit 120 EVO / Wraith Spire
Memory	Corsair Vengeance 2x16 6000MHz CL30 / HyperX Predator 2x8GB 3200MHz
Video Card(s)	MSI RTX 4080 Super Gaming X Slim / ARC A380
Storage	WD Black SN770 1TB / Sabrent Rocket 256GB
Display(s)	Aorus FO32U2P / 39" Panasonic HDTV
Case	Asus AP201 / Cougar QBX
Audio Device(s)	Denon AVR-X2800H / Realtek ALC1220
Power Supply	Corsair RM1000e / BeQuiet SFX Power 2 450W
Mouse	Logitech G903
Keyboard	Drop Sense75 with WQ Studio Morandi's
VR HMD	Rift S
Software	Win 11 Pro 64Bit

System Name	PCGOD
Processor	AMD FX 8350@ 5.0GHz
Motherboard	Asus TUF 990FX Sabertooth R2 2901 Bios
Cooling	Scythe Ashura, 2×BitFenix 230mm Spectre Pro LED (Blue,Green), 2x BitFenix 140mm Spectre Pro LED
Memory	16 GB Gskill Ripjaws X 2133 (2400 OC, 10-10-12-20-20, 1T, 1.65V)
Video Card(s)	AMD Radeon 290 Sapphire Vapor-X
Storage	Samsung 840 Pro 256GB, WD Velociraptor 1TB
Display(s)	NEC Multisync LCD 1700V (Display Port Adapter)
Case	AeroCool Xpredator Evil Blue Edition
Audio Device(s)	Creative Labs Sound Blaster ZxR
Power Supply	Seasonic 1250 XM2 Series (XP3)
Mouse	Roccat Kone XTD
Keyboard	Roccat Ryos MK Pro
Software	Windows 7 Pro 64