A few months ago I published a remote code execution (RCE) vulnerability in KensingtonWorks. KensingtonWorks is a tool made by a company called Kensington for adding power-user features to mice. Kensington fixed this flaw, but I’ve found another RCE that, as of the time of publishing, remains unpatched.

Like the previous vulnerability I reported, an attacker exploits this one by luring a victim to a malicious webpage. The victim doesn’t need to interact with the page; all they need to do is stay on the site while background JavaScript silently exploits the KensingtonWorks defect. The attacker can then execute arbitrary code on the target’s machine and take near-complete control of it.

It’s easy and virtuous-sounding to declare that KensingtonWorks users should “uninstall the application immediately and wait for a fix,” and if you don’t particularly value your power-user features then I think that this would be prudent. But if you do value these features then you’ve got a risk assessment on your hands.

In this post we’ll look at how the second vulnerability works, and see the ways in which it’s a direct consequence of Kensington’s inadequate fix to the first. I’ll feel a bit mean for zeroing in on the mistakes of one inoffensive company when all software is buggy and no one is safe. But I’ll feel better when I remember that you can’t learn how to make better omelettes without analyzing insecurely broken eggs.

Kensington sells mice with lots of extra buttons. KensingtonWorks is a piece of software that advanced users of these mice can download in order to bind their extra buttons to shortcut commands like copy, paste, volume, and zoom.

Before we see how the vulnerability in KensingtonWorks works, let’s talk about its practical implications. All an attacker needs to do in order to exploit the flaw is to trick a victim into visiting a malicious website and to stay there for a few minutes. The victim doesn’t need to interact with the page at all. Despite this, I intuitively doubt that either this or the previous vulnerability I found has been exploited in the wild. It’s much easier to get victims to download a fake version of Flash Player than it is to exploit a bug in a relatively uncommon piece of consumer software. However, I wouldn’t rely on my intuition for your security.

Kensington mice are expensive, and are probably disproportionately used by high-value targets. I think that vulnerabilities in KensingtonWorks are most likely to be useful for targeted attacks on key victims who are known to use the application ahead of time. These victims might be an engineer who tweeted about their new Kensington peripherals, or an executive who posed for a power-desk-photoshoot in front of their computer setup. They might be a friend whose emails you want to snoop on, or an ex whose emails you really want to snoop on.