Logitech Unifying receiver

Last updated January 25, 2024

Unifying Logo

The Logitech Unifying Receiver is a small dedicated USB wireless receiver, based on the nRF24L-family of RF devices,^[1] that allows up to six compatible Logitech human interface devices (such as mice, trackballs, touchpads, and keyboards; headphones are not compatible) to be linked to the same computer using 2.4 GHz band radio communication. Receivers that are bundled with a Logitech product are paired with the device at the factory. When purchasing a replacement receiver or connecting multiple devices to one receiver, pairing requires the free-of-charge Logitech Unifying software, available for Microsoft Windows and Mac OS X. On Linux the Solaar software can be used to adjust the configurations. Although not compatible with Bluetooth, devices pair to Unifying Receivers in a similar way.^[2] Peripherals remain paired, and can then be used on systems not supporting the software. Logitech receivers compatible with the Unifying protocol can be identified by the orange Unifying logo, which distinguishes them from Logitech Nano receivers of similar appearance, which pair in a similar manner but only with a single device, without using the Unifying protocol.

Compatibility and use

Each peripheral device can pair to one receiver per profile. While most peripherals only store one profile, newer products such as the Logitech MX Master, MX Anywhere series, and M720 Triathlon allow multiple profiles. These devices can be connected to multiple receivers simultaneously. This allows the use of receivers in several computers, e.g., a desktop and a laptop computer, selecting the computer to use by changing profiles on the mouse. This multi-computer function is further augmented by Logitech Flow (software KVM solution) which is similar to Synergy. For devices without multi-computer support, the receiver and input devices can be moved together from one computer to another, maintaining their paired status after being unplugged, as the pairing information is held in the little USB receiver^[2]—this is much simpler than transferring the peripheral from one receiver to another by changing the setup in software, and also avoids the limitation to 45 pairings of older devices. This also allows the use of peripherals on computing devices that do not support Unifying Software, e.g. devices supporting USB OTG with operating systems such as Android: first pair to the receiver on a PC or Mac.^[4]

Some older Unifying devices limit the number of allowable pairing changes to a maximum of 45 times. Once the 45th connection is made, it is no longer possible to connect such a device to a different receiver. For users who often switch a Unifying device between multiple PCs or laptops with individual receivers, this connection limit can become an issue. For example, a user who frequently switches a mouse between two receivers (e.g. at work and home) will quickly exhaust the limit of available pairing switches.^[5] Logitech advises customers with this issue to contact their Customer Care. Newer devices can switch pairings an unlimited number of times.

Pairing software is available from Logitech for Microsoft Windows and Mac OS X. Wireless devices using the Unifying Receiver are supported since Linux 3.2.^[6] Software to manage Unifying devices on Linux is available from third party developers, such as Solaar.^[7]

Many companies have made peripherals that connect via USB wireless receivers very similar to Logitech's; Logitech devices are incompatible with many of these "off-brand" receivers^{[ citation needed ]}.

There are many different hardware versions of the unifying receiver. The most common is used for daily use, and is marked CU-0007 on the metal jacket. CU-0008 is distributed with gaming devices, and features lower latency.

Security

Several security vulnerabilities of the Logitech Unifying system were reported in 2016 and 2019,^[8] and patches released.

MouseJacking and keyjacking

MouseJacking, first reported by Bastille Networks, Inc.,^[8] is the sending of malicious radio signals (packets) wirelessly to an unsuspecting user through Logitech Unifying wireless technology. The exploit takes advantage of a user's vulnerable Logitech Unifying Receiver and unencrypted signals within a range of about 100 meters. Possible exploits include:

Keystroke injection by spoofing either a paired mouse or keyboard
Forced pairing

Affected devices and firmware

Devices
Device	USB ID
Unifying receiver	046d:c52b
Unifying receiver	046d:c539
Logitech Wireless Gaming Mouse G900	046d:c081
Logitech Wireless Keyboard K360	046d:4004
Logitech Multi-Device Wireless Keyboard K370s	046d:4061
Logitech Multi-Device Wireless Keyboard K375s	046d:4061
Logitech Wireless Touch Keyboard K400r	046d:400e, 046d:4024
Logitech Wireless Touch Keyboard K400 Plus	046d:404d
Logitech Wireless Solar Keyboard K750	046d:4002
Logitech Multi-Device Wireless Keyboard K780	046d:405b
Logitech Illuminated Living-Room Keyboard K830	046d:404c, 046d:4032
Logitech Performance Wireless Keyboard MK850	046d:4062
Logitech Wireless Mouse M335
Logitech Zone Touch Mouse T400	046d:4026
Logitech Wireless Mouse M545
Logitech Wireless Mouse M560
Logitech Touch Mouse M600	046d:401a
Logitech Touch Mouse T620	046d:4027
Logitech Wireless Rechargeable Touchpad T650	046d:4101

RQR12 Firmware
Firmware Version	Vulnerabilities
012.001.00019	Affected by Bastille security issues #1, #2, #3^[9]^[10]
012.003.00025	Affected by Bastille security issues #1, #2, #3^[9]^[10]
<012.005.00028	Affected by Bastille security issues #1, #2, #3, #11, #13^[9]^[10]
012.005.00028	Affected by Bastille security issues #11, #13^[9]^[10]
012.007.00029	Affected by Bastille security issue #13^[10]

RQR24 Firmware
Firmware Version	Vulnerabilities
<024.003.00027	Affected by Bastille security issue #2, #3, #11, #13^[9]^[11]
024.003.00027	Affected by Bastille security issue #11, #13^[9]^[11]
024.005.00029	Affected by Bastille security issue #13^[11]

Firmware not affected

RQR12 Firmware
Firmware Version	Notes
012.008.00030^[10]
012.009.00030	Identical to 012.008.00030 but DFU signed^[12]

RQR24 Firmware
Firmware Version	Notes
024.006.00030^[11]
024.007.00030	Identical to 024.006.00030 but DFU signed^[13]

Response

Logitech has released Unifying receiver firmware updates as new exploits were reported.^[14]^[15]

Linux users can use fwupd to flash an updated firmware. It will automatically detect available updates for any connected unifying receivers and many other firmware updatable devices. An outdated alternative is MouseJack.^[1]

Flashing on a Linux/UNIX host via a hypervisor such as VirtualBox along with a Windows virtual guest image and the Windows Logitech update executable is also possible. If using a Windows virtual guest, it is recommended to have a second available pointing device while the dongle is being updated. The second pointing device may be needed to allow the user to select and enable pass through of the unifying receiver via the hypervisor task bar after executing the firmware updater so that the device is found and updated.

Updating the Unifying receiver firmware to versions RQR12.08 or greater and RQR24.06 or greater can limit some functionality of certain paired devices unless the devices' firmware is also updated.

Other vulnerabilities

On July 9, 2019 another set of vulnerabilities was disclosed and documented by a different researcher.^[8] A firmware update for Unifying receivers addressing the "Encryption Key Extraction Through USB" vulnerability (CVE-2019-13054/55) was released on 28 August 2019.^[15] Some users reported in 2019 that some Unifying devices were still being sold that were vulnerable to the original 2016 MouseJacking attack.^[16]

Related Research Articles

A computer mouse is a hand-held pointing device that detects two-dimensional motion relative to a surface. This motion is typically translated into the motion of the pointer on a display, which allows a smooth control of the graphical user interface of a computer.

In computing, firmware is a specific class of computer software that provides the low-level control for a device's specific hardware. Firmware, such as the BIOS of a personal computer, may contain basic functions of a device, and may provide hardware abstraction services to higher-level software such as operating systems. For less complex devices, firmware may act as the device's complete operating system, performing all control, monitoring and data manipulation functions. Typical examples of devices containing firmware are embedded systems, home and personal-use appliances, computers, and computer peripherals.

Unified Extensible Firmware Interface is a specification that defines the architecture of the platform firmware used for booting the computer hardware and its interface for interaction with the operating system. Examples of firmware that implement the specification are AMI Aptio, Phoenix SecureCore, TianoCore EDK II, InsydeH2O. UEFI replaces the BIOS which was present in the boot ROM of all personal computers that are IBM PC compatible, although it can provide backwards compatibility with the BIOS using CSM booting. Intel developed the original Extensible Firmware Interface (EFI) specification. Some of the EFI's practices and data formats mirror those of Microsoft Windows. In 2005, UEFI deprecated EFI 1.10.

udev is a device manager for the Linux kernel. As the successor of devfsd and hotplug, udev primarily manages device nodes in the /dev directory. At the same time, udev also handles all user space events raised when hardware devices are added into the system or removed from it, including firmware loading as required by certain devices.

QEMU is a free and open-source emulator. It emulates a computer's processor through dynamic binary translation and provides a set of different hardware and device models for the machine, enabling it to run a variety of guest operating systems. It can interoperate with Kernel-based Virtual Machine (KVM) to run virtual machines at near-native speed. QEMU can also do emulation for user-level processes, allowing applications compiled for one architecture to run on another.

Logitech Media Server is a streaming audio server supported by Logitech, developed in particular to support their Squeezebox range of digital audio receivers.

Wireless network cards for computers require control software to make them function. This is a list of the status of some open-source drivers for 802.11 wireless network cards.

Various accessories for the PlayStation 3 video game console have been produced by Sony and third-party companies. These include controllers, audio and video input devices like microphones, video cameras, and cables for better sound and picture quality.

<span class="mw-page-title-main">3Dconnexion</span> German manufacturer of human interface devices

3Dconnexion is a German manufacturer of human interface devices for manipulating and navigating computer-generated 3D imagery. These devices are often referred to as 3D motion controllers, 3D navigation devices, 6DOF devices or a 3D mouse.

Intel Active Management Technology (AMT) is hardware and firmware for remote out-of-band management of select business computers, running on the Intel Management Engine, a microprocessor subsystem not exposed to the user, intended for monitoring, maintenance, updating, and repairing systems. Out-of-band (OOB) or hardware-based management is different from software-based management and software management agents.

The Huawei E220 is a Huawei HSDPA access device (modem) manufactured by Huawei and notable for using the USB interface.

VRPN is a device-independent, network-based interface for accessing virtual reality peripherals in VR applications. It was originally designed and implemented by Russell M. Taylor II at the Department of Computer Science of the University of North Carolina at Chapel Hill. VRPN was maintained and supported by Sensics while it was business. It is currently maintained by ReliaSolve and developed in collaboration with a productive community of contributors. It is described more fully at vrpn.net and in VRPN-VRST.

A photovoltaic keyboard, or solar keyboard, is a wireless computer keyboard that charges its batteries from a light source such as the sun or interior lighting, addressing a major drawback of wireless computer peripherals that otherwise require regular replacement of discharged batteries.

Various accessories for the PlayStation 2 video game console have been produced by Sony, as well as third parties. These include controllers, audio and video input devices like microphones and video cameras, and cables for better sound and picture quality.

<span class="mw-page-title-main">Wireless keyboard</span> Computer keyboard wirelessly connected to a computer

A wireless keyboard is a computer keyboard that allows the user to communicate with computers, tablets, or laptops with the help of radio frequency (RF), such as WiFi and Bluetooth or with infrared (IR) technology. It is common for wireless keyboards available these days to be accompanied by a wireless mouse.

<span class="mw-page-title-main">Steam Link</span> Hardware and software product by Valve

Steam Link is a hardware and software product developed by Valve Corporation for streaming Steam content from a personal computer or Steam Machine wirelessly to a mobile device or other monitor. Steam Link was originally released as a hardware device alongside the debut of Steam Machines in November 2015. Valve discontinued the Steam Link hardware device in November 2018, in favor of supporting its software-based Steam Link application for mobile devices and smart televisions, as well as providing Steam Link as a software package for the Raspberry Pi microcomputer.

<span class="mw-page-title-main">PinePhone</span> Smartphone with Linux-based mobile operating system

The PinePhone is a smartphone developed by Hong Kong-based computer manufacturer Pine64, intended to allow the user to have full control over the device. Measures to ensure this are: running mainline Linux-based mobile operating systems, assembling the phone with screws, and simplifying the disassembly for repairs and upgrades. LTE, GPS, Wi-Fi, Bluetooth and both cameras can be physically switched off. The PinePhone ships with the Manjaro Linux-based operating system using the Plasma Mobile graphic interface, although other distributions can be installed by users.

scrcpy is a free and open-source screen mirroring application that allows control of an Android device from a desktop computer. The software is developed by Genymobile SAS, a company which develops Android emulator Genymotion.

Flipper Zero is a portable Tamagotchi-like multi-functional device developed for interaction with access control systems. The device is able to read, copy, and emulate RFID and NFC tags, radio remotes, iButton, and digital access keys, along with a GPIO interface. It was first announced in August 2020 through the Kickstarter crowdfunding campaign, which raised $4.8 million. The first devices were delivered to backers 18 months after completion of the crowdfunding campaign. The device's user interface embodies a pixel-art dolphin virtual pet. The interaction with the virtual pet is the device's core game mechanic. The usage of the device's functions defines the appearance and emotions of the pet.

References

1 2 Newlin, Marc (2016-08-07). "MouseJack device discovery and research tools". GitHub . Retrieved 2019-07-25.
1 2 Gallegos, Gary. "Gadgets: The Logitech Unifying Receiver (aka "fake bluetooth")". Archived from the original on 4 March 2016.
↑ "Logitech Unifying Multi-Connect Utility Setup Instructions" (PDF). Logitech.
↑ "Android Tablets and Logitech Unifying Devices". Music Tribe. 7 January 2018.
↑ "Limitations on Unifying devices". Archived from the original on 2019-07-10. Retrieved 2019-07-25.
↑ Nestor Lopez Casado (2011-09-15). "HID: Add full support for Logitech Unifying Receivers". Linux kernel . Retrieved 2019-07-25.
↑ Solaar on GitHub
1 2 3 mame82 (2019-07-09). "Summary / Overview of known Logitech wireless peripheral vulnerabilities". GitHub . Retrieved 2019-07-25.{{cite web}}: CS1 maint: numeric names: authors list (link)
1 2 3 4 5 6 "MouseJack Affected Devices". Bastille Networks. Retrieved 2019-07-25.
1 2 3 4 5 6 Viredaz, Marc (2017-12-22). "RQR12.08 Build 0030". GitHub . Retrieved 2019-07-25.
1 2 3 4 Viredaz, Marc (2017-12-22). "RQR24.06 Build 0030". GitHub . Retrieved 2019-07-25.
↑ Viredaz, Marc (2017-12-22). "RQR12.09 Build 0030". GitHub . Retrieved 2019-07-25.
↑ Viredaz, Marc (2017-12-22). "RQR24.07 Build 0030". GitHub . Retrieved 2019-07-25.
↑ LogiLaurie (2016-07-28). "Logitech Response to Research Findings". Archived from the original on 2019-07-09. Retrieved 2019-07-25.
1 2 "Logitech Unifying Receiver Update". Logitech Support + Download. 28 August 2019.
↑ Hollister, Sean (2019-07-14). "Why you should really, really update your Logitech wireless dongle". The Verge. Retrieved 2020-01-02.

External links

Logitech Unifying Software

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[mousejack-1] 1 2 Newlin, Marc (2016-08-07). "MouseJack device discovery and research tools". GitHub . Retrieved 2019-07-25.

[gallegos-2] 1 2 Gallegos, Gary. "Gadgets: The Logitech Unifying Receiver (aka "fake bluetooth")". Archived from the original on 4 March 2016.

[3] "Logitech Unifying Multi-Connect Utility Setup Instructions" (PDF). Logitech.

[4] "Android Tablets and Logitech Unifying Devices". Music Tribe. 7 January 2018.

[5] "Limitations on Unifying devices". Archived from the original on 2019-07-10. Retrieved 2019-07-25.

[6] Nestor Lopez Casado (2011-09-15). "HID: Add full support for Logitech Unifying Receivers". Linux kernel . Retrieved 2019-07-25.

[7] Solaar on GitHub

[vulerabilities-8] 1 2 3 mame82 (2019-07-09). "Summary / Overview of known Logitech wireless peripheral vulnerabilities". GitHub . Retrieved 2019-07-25.{{cite web}}: CS1 maint: numeric names: authors list (link)

[BastilleDevices-9] 1 2 3 4 5 6 "MouseJack Affected Devices". Bastille Networks. Retrieved 2019-07-25.

[RQR12.08_B0030-10] 1 2 3 4 5 6 Viredaz, Marc (2017-12-22). "RQR12.08 Build 0030". GitHub . Retrieved 2019-07-25.

[RQR24.06_B0030-11] 1 2 3 4 Viredaz, Marc (2017-12-22). "RQR24.06 Build 0030". GitHub . Retrieved 2019-07-25.

[12] Viredaz, Marc (2017-12-22). "RQR12.09 Build 0030". GitHub . Retrieved 2019-07-25.

[13] Viredaz, Marc (2017-12-22). "RQR24.07 Build 0030". GitHub . Retrieved 2019-07-25.

[14] LogiLaurie (2016-07-28). "Logitech Response to Research Findings". Archived from the original on 2019-07-09. Retrieved 2019-07-25.

[2019patch-15] 1 2 "Logitech Unifying Receiver Update". Logitech Support + Download. 28 August 2019.

[16] Hollister, Sean (2019-07-14). "Why you should really, really update your Logitech wireless dongle". The Verge. Retrieved 2020-01-02.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]