Two high-severity flaws, discovered in a popular Fujitsu wireless keyboard set, could allow attackers from a short distance away to “eavesdrop” on passwords entered into the keyboards, or even fully takeover a victim’s system.
Making matters worse, the impacted Fujitsu wireless keyboard LX390 reached end-of-life in May 2019 – meaning that a patch is not available and affected users are instead urged to replace their keyboards entirely.
“Fujitsu has released two new wireless keyboard sets named LX410 and LX960 that are not affected by the described security issue,” said Matthias Deeg, researcher with Germany-based SySS, in an advisory sent to Threatpost on Wednesday. “SySS recommends replacing LX390 wireless keyboard sets used in environments with higher security demands, for instance with one of the newer successor models LX410 or LX960.”
The Fujitsu Wireless Keyboard Set LX390 desk set consists of a mouse and a keyboard. The wireless keyboard transmits keystrokes to the desktop wirelessly using a 2.4 GHz-range transceiver.