Lenovo Ultraslim Wireless Keyboard Keystroke Injection

Lenovo Security Advisory: LEN-7267

Potential Impact: Potential unwanted data input

Severity: Medium

Scope of Impact: Industry-Wide

 

Summary Description:

A vulnerability was identified where an attacker with specialized equipment who is within close physical proximity to a system with the dongle for the Lenovo Ultraslim Wireless keyboard and mouse could enter keyboard inputs (e.g., keystrokes) into the user’s system.

Legitimate keyboard input sent by the user through the wireless keyboard remains encrypted, and this vulnerability does not allow keystrokes entered through the Lenovo Ultraslim wireless keyboard to be read wirelessly in plain text.

 

Mitigation Strategy for Customers (what you should do to protect yourself):

Lenovo recommends using the Ultraslim Wireless keyboard and mouse in physically secure locations and is working on fixing the firmware in the affected keyboards. The firmware can only be installed at the time of manufacture. Users who are concerned about this and need an immediate mitigation can contact the Lenovo Support Center (https://support.lenovo.com/contactus) and Lenovo will replace the affected keyboard and mouse with a wired keyboard and mouse.

When the firmware fix is available, this advisory will be updated to advise users to contact the Lenovo Support Center. At that time, Lenovo will offer to replace the affected keyboard with a new Ultraslim Wireless keyboard and dongle containing the updated firmware. Lenovo appreciates the patience of impacted customers in this situation. The company will do its best to process all requests with care and efficiency.

 

Product Impact:

Part Description   FRU Part Number
Liteon SK-8861 2.4G KBD_GD_US   00XH736 SD50M33721
Liteon ZTM600 2.4G Mouse GD_WW   00PH140 SM50M33720
Wireless Keyboard Black(Silver Silk) English LVT8   01AH627 SD50K93072 25209175
Wireless Keyboard Black(Silver Silk) Malaysia English LVT8   01AH628 SD50K93080 25209176
Wireless Keyboard Black(Silver Silk) Taiwan Traditional Chinese LVT8   01AH629 SD50K93084 25209177
Wireless Keyboard Black(Silver Silk) Thai LVT8   01AH630 SD50K93078
Wireless Keyboard Black(Silver Silk) Czech/Slovakian LVT8   01AH631 SD50K93079
Wireless Keyboard Black(Silver Silk) India English LVT8   01AH632 SD50K93116
Wireless Keyboard Black(Silver Silk) Russian LVT8   01AH633 SD50K93113
Wireless Keyboard Black(Silver Silk) UK English LVT8   01AH634 SD50K93109 25209182
Wireless Keyboard Black(Silver Silk) Nordics LVT8   01AH635 SD50K93094 25209183
Wireless Keyboard Black(Silver Silk) Laspanish LVT8   01AH636 SD50K93095 25209184
Wireless Keyboard Black(Silver Silk) Argentina Laspanish LVT8   01AH637 SD50K93069 25209185
Wireless Keyboard Black(Silver Silk) Arabic LVT8   01AH638 SD50K93098 25209186
Wireless Keyboard Black(Silver Silk) Swiss LVT8   01AH639 SD50K93064 25209187
Wireless Keyboard Black(Silver Silk) German LVT8   01AH640 SD50K93099 25209188
Wireless Keyboard Black(Silver Silk) Turkish LVT8   01AH641 SD50K93107 25209189
Wireless Keyboard Black(Silver Silk) Spanish LVT8   01AH642 SD50K93061 25209190
Wireless Keyboard Black(Silver Silk) Slovenian LVT8   01AH643 SD50K93091 25209191
Wireless Keyboard Black(Silver Silk) Italian LVT8   01AH644 SD50K93111 25209192
Wireless Keyboard Black(Silver Silk) Hebrew LVT8   01AH645 SD50K93092 25209193
Wireless Keyboard Black(Silver Silk) French LVT8   01AH646 SD50K93060 25209194
Wireless Keyboard Black(Silver Silk) Greek LVT8   01AH647 SD50K93062 25209195
Wireless Keyboard Black(Silver Silk) Hungarian LVT8   01AH648 SD50K93076 25209196
Wireless Keyboard Black(Silver Silk) Bulgarian LVT8   01AH649 SD50K93102 25209197
Wireless Keyboard Black(Silver Silk) Korean LVT8   01AH650 SD50K93082 25209198
Wireless Keyboard Black(Silver Silk) Japanese LVT8   01AH651 SD50K93112 25209199
Wireless Keyboard Black(Silver Silk) Canada English/French LVT8   01AH652 SD50K93075 25209200
Wireless Keyboard Black(Silver Silk) Portuguese LVT8   01AH653 SD50K93103 25209201
Wireless Keyboard Black(Silver Silk) Belgium English LVT8   01AH654 SD50K93081 25209202
Wireless Keyboard Black(Silver Silk) USI English LVT8 for Netherlands   01AH655 SD50K93065 25209203
Silver silk 2.4G KB(BR)-black   00UW407 SD50K02047
Wireless Mouse Black   01AH700 SM50K93074 25203464
Wireless Mouse Black No Battery   00UW408 SM50K02048 25203465
Wireless Mouse Black Malaysia   01AH701 SM50K93114 25203466
Wireless Mouse Black Japan   01AH702 SM50K93110 25205773

 

Acknowledgements: 

Lenovo thanks Marc Newlin from Bastille Threat Research Team.

 

Other information and references:
CVE ID: CVE-2016-6257

https://www.bastille.net/research/vulnerabilities/keyjack

 

Revision History:

Revision   Date   Description
1.0   27 July 2016   Initial release


Alias Id: LEN_7267
Document ID: PS500062
Original Publish Date: 07/28/2016
Last Modified Date: 07/28/2016