As Sean Hollister at The Verge reports, the MouseJack attack lets a nearby attacker break into a Logitech USB receiver connected to your computer. They can connect their devices to it and send all the keyboard input they want. Just by sending keyboard input, the attacker could download malware or wipe your PC.
This problem was reported in 2016. To fix it, Logitech rolled out a firmware update. However, Logitech never recalled existing devices offered for sale. Even if you bought a new device in the last few years, it could be vulnerable. This update may not even be offered through Logitech’s standard desktop software for some reason. You may have to go out of your way to find, download, and run it.
To fix the problem, visit this page on Logitech’s website, download the appropriate update, and install it. For Logitech unifying receivers (USB dongles), updates are available for both Windows PCs and Macs. There’s also a separate update to install if you have a Logitech G900 gaming mouse.
If you’re not sure whether you’ve ever installed the firmware update or whether your new receiver came with the new firmware or not, just download the update and try installing it. The updater will let you know if all your devices are up to date.
As Logitech notes, this tool will also update the firmware on some specific vulnerable Logitech wireless keyboards at the same time. Ensure they’re connected while running the updater:
