[rasz]

> CVE-2019-13053, an attacker can inject any keyboard input into the encrypted radio traffic of the Unifying keyboards without knowing the crypto key used. To do this, the attacker only needs to have temporary access to the keyboard in order to press some keys.

or you know, ask the nice bank lady to type this "magic key combination" for you. Yes darling my name is little bobby tables.

>CVE-2019-13052 is not being addressed either. The attacker can decrypt the encrypted communication between the input devices if he has recorded the pairing process.

Oh dear, did the keyboard I am currently jamming stopped working? I have same model! my son/nephew told me you need to pair them. Ill just sit here patiently while you do that.

[NikkiA]

> ask the nice bank lady to type this "magic key combination" for you

If the keys being pressed are not necessary to be specific keys, then you can probably sniff the keypresses from the person ahead of you in the teller's line.

In fact the article makes that sort of clear:

> Alternatively, the hacker could simply observe for a few seconds what the user is typing.

Banks probably still have enough regulation and anti-TEMPEST fear to NOT be using wireless logitech gear though... Well, maybe.

[jbob2000]

> CVE-2019-13053

Is there a word for this type of exploit: I wrap a bicycle in wrapping paper. You don't need to take off the wrapping paper to know that what it covered was a bike.

That's pretty much what this exploit is, no? You press a key on a keyboard, it sends a radio signal. If I know what key you pressed, I can associate that key press with the "shape" of the signal.

[rasz]

known plaintext attack