LASER_oneXM

Level 33
Verified
“Thus, an attacker is able to send arbitrary keystrokes to a victim’s computer system. In this way, an attacker can remotely take control over the victim’s computer that is operated with an affected Fujitsu LX901 wireless desktop set,” Deeg wrote in an advisory, adding that when this activity is combined with an earlier vulnerability disclosed n 2016 a keystroke injection attack allows to remotely attack computer systems with an active screen lock, for example in order to install malware when the target system is unattended, Deeg said.

SySS reported that it successfully completed a proof of concept of the attack and performed a keystroke injection attack against the keyboard.

SySS informed Fujitsu of the problem in October 2018 and while the two companies have exchanged information concerning the vulnerabilitiy a patch has not been issued and SySS said it is not aware of any other solution that could rectify the problem.