Logitech has released a patch on a bug that could have allowed hackers to implement keystroke injection attacks in Options, a Logitech app that lets users customize buttons and the behavior of their mice, keyboards, and touchpads.
Pat Ciavolella, Digital Security and Operations Director at The Media Trust:
“The Logitech Options bug illustrates how apps are being developed without adequate attention to security and privacy. The fact that it took more than 90 days to develop a patch and communicate it to the public, and only after a Google security researcher threatened to make the bug public, is unacceptable. With more than 7,000 employees and revenues in the billions, Logitech should have the resources to design apps with security in mind, test those apps for any bugs before they are publicly launched, and fix any bugs as soon as they are reported. It’s only a matter of time before more laws like GDPR and California’s Consumer Privacy Act spread across the world. App providers who want to protect their brand and revenues should prepare themselves for new thresholds for security and privacy. Besides testing, another important step will be for them to monitor code from third-party suppliers, who are popular targets for bad actors.”