Lenovo Ultraslim Wireless Keyboard Keystroke Injection - lu

Lenovo Security Advisory: LEN-7267

Potential Impact: Potential unwanted data input

Severity**:** Medium

**Scope of Impact:**Industry-Wide

Summary Description:

A vulnerability was identified where an attacker with specialized equipment who is within close physical proximity to a system with the dongle for the Lenovo Ultraslim Wireless keyboard and mouse could enter keyboard inputs (e.g., keystrokes) into the user’s system.

Legitimate user keyboard input through the wireless keyboard remains encrypted and plain text keystrokes entered through the Lenovo Ultraslim wireless keyboard cannot be read wirelessly as a result of this vulnerability.

Mitigation Strategy for Customers (what you should do to protect yourself):

Lenovo recommends using the Ultraslim Wireless keyboard and mouse in physically secure locations and is working on fixing the firmware in the affected keyboards. The firmware can only be installed at the time of manufacture. Users who are concerned about this and need an immediate mitigation can contact the Lenovo Support Center (<https://support.lenovo.com/contactus&gt;) and Lenovo will replace the affected keyboard and mouse with a wired keyboard and mouse.

When the firmware fix is available, this advisory will be updated to advise users to contact the Lenovo Support Center. At that time, Lenovo will offer to replace the affected keyboard with a new Ultraslim Wireless keyboard and dongle containing the updated firmware. Lenovo appreciates the patience of impacted customers in this situation. The company will do its best to process all requests with care and efficiency.