Lenovo Ultraslim Wireless Keyboard Keystroke Injection
Lenovo Ultraslim Wireless Keyboard Keystroke Injection
Lenovo Ultraslim Wireless Keyboard Keystroke Injection
Lenovo Security Advisory: LEN-7267
Potential Impact: Potential unwanted data input
Severity: Medium
Scope of Impact: Industry-Wide
Summary Description:
A vulnerability was identified where an attacker with specialized equipment who is within close physical proximity to a system with the dongle for the Lenovo Ultraslim Wireless keyboard and mouse could enter keyboard inputs (e.g., keystrokes) into the user’s system.
Legitimate user keyboard input through the wireless keyboard remains encrypted and plain text keystrokes entered through the Lenovo Ultraslim wireless keyboard cannot be read wirelessly as a result of this vulnerability.
Mitigation Strategy for Customers (what you should do to protect yourself):
Lenovo recommends using the Ultraslim Wireless keyboard and mouse in physically secure locations and is working on fixing the firmware in the affected keyboards. The firmware can only be installed at the time of manufacture. Users who are concerned about this and need an immediate mitigation can contact the Lenovo Support Center (https://support.lenovo.com/contactus) and Lenovo will replace the affected keyboard and mouse with a wired keyboard and mouse.
When the firmware fix is available, this advisory will be updated to advise users to contact the Lenovo Support Center. At that time, Lenovo will offer to replace the affected keyboard with a new Ultraslim Wireless keyboard and dongle containing the updated firmware. Lenovo appreciates the patience of impacted customers in this situation. The company will do its best to process all requests with care and efficiency.
Product Impact:
Part Description | FRU | Part Number |
Liteon SK-8861 2.4G KBD_GD_US | 00XH736 | SD50M33721 |
Liteon ZTM600 2.4G Mouse GD_WW | 00PH140 | SM50M33720 |
Wireless Keyboard Black(Silver Silk) English LVT8 | 01AH627 | SD50K93072 25209175 |
Wireless Keyboard Black(Silver Silk) Malaysia English LVT8 | 01AH628 | SD50K93080 25209176 |
Wireless Keyboard Black(Silver Silk) Taiwan Traditional Chinese LVT8 | 01AH629 | SD50K93084 25209177 |
Wireless Keyboard Black(Silver Silk) Thai LVT8 | 01AH630 | SD50K93078 |
Wireless Keyboard Black(Silver Silk) Czech/Slovakian LVT8 | 01AH631 | SD50K93079 |
Wireless Keyboard Black(Silver Silk) India English LVT8 | 01AH632 | SD50K93116 |
Wireless Keyboard Black(Silver Silk) Russian LVT8 | 01AH633 | SD50K93113 |
Wireless Keyboard Black(Silver Silk) UK English LVT8 | 01AH634 | SD50K93109 25209182 |
Wireless Keyboard Black(Silver Silk) Nordics LVT8 | 01AH635 | SD50K93094 25209183 |
Wireless Keyboard Black(Silver Silk) Laspanish LVT8 | 01AH636 | SD50K93095 25209184 |
Wireless Keyboard Black(Silver Silk) Argentina Laspanish LVT8 | 01AH637 | SD50K93069 25209185 |
Wireless Keyboard Black(Silver Silk) Arabic LVT8 | 01AH638 | SD50K93098 25209186 |
Wireless Keyboard Black(Silver Silk) Swiss LVT8 | 01AH639 | SD50K93064 25209187 |
Wireless Keyboard Black(Silver Silk) German LVT8 | 01AH640 | SD50K93099 25209188 |
Wireless Keyboard Black(Silver Silk) Turkish LVT8 | 01AH641 | SD50K93107 25209189 |
Wireless Keyboard Black(Silver Silk) Spanish LVT8 | 01AH642 | SD50K93061 25209190 |
Wireless Keyboard Black(Silver Silk) Slovenian LVT8 | 01AH643 | SD50K93091 25209191 |
Wireless Keyboard Black(Silver Silk) Italian LVT8 | 01AH644 | SD50K93111 25209192 |
Wireless Keyboard Black(Silver Silk) Hebrew LVT8 | 01AH645 | SD50K93092 25209193 |
Wireless Keyboard Black(Silver Silk) French LVT8 | 01AH646 | SD50K93060 25209194 |
Wireless Keyboard Black(Silver Silk) Greek LVT8 | 01AH647 | SD50K93062 25209195 |
Wireless Keyboard Black(Silver Silk) Hungarian LVT8 | 01AH648 | SD50K93076 25209196 |
Wireless Keyboard Black(Silver Silk) Bulgarian LVT8 | 01AH649 | SD50K93102 25209197 |
Wireless Keyboard Black(Silver Silk) Korean LVT8 | 01AH650 | SD50K93082 25209198 |
Wireless Keyboard Black(Silver Silk) Japanese LVT8 | 01AH651 | SD50K93112 25209199 |
Wireless Keyboard Black(Silver Silk) Canada English/French LVT8 | 01AH652 | SD50K93075 25209200 |
Wireless Keyboard Black(Silver Silk) Portuguese LVT8 | 01AH653 | SD50K93103 25209201 |
Wireless Keyboard Black(Silver Silk) Belgium English LVT8 | 01AH654 | SD50K93081 25209202 |
Wireless Keyboard Black(Silver Silk) USI English LVT8 for Netherlands | 01AH655 | SD50K93065 25209203 |
Silver silk 2.4G KB(BR)-black | 00UW407 | SD50K02047 |
Wireless Mouse Black | 01AH700 | SM50K93074 25203464 |
Wireless Mouse Black No Battery | 00UW408 | SM50K02048 25203465 |
Wireless Mouse Black Malaysia | 01AH701 | SM50K93114 25203466 |
Wireless Mouse Black Japan | 01AH702 | SM50K93110 25205773 |
Acknowledgements:
Lenovo thanks Marc Newlin from Bastille Threat Research Team.
Other information and references:
CVE ID: CVE-2016-6257
https://www.bastille.net/research/vulnerabilities/keyjack
Revision History:
Revision |
Date |
Description |
1.0 |
27 July 2016 |
Initial release |
Your feedback helps to improve the overall experience