CVE-2016-6257
Description
The firmware in Lenovo Ultraslim dongles, as used with Lenovo Liteon SK-8861, Ultraslim Wireless, and Silver Silk keyboards and Liteon ZTM600 and Ultraslim Wireless mice, does not enforce incrementing AES counters, which allows remote attackers to inject encrypted keyboard input into the system by leveraging proximity to the dongle, aka a "KeyJack injection attack."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Lenovo Ultraslim dongle firmware fails to enforce incrementing AES counters, allowing nearby attackers to inject arbitrary keystrokes via replayed encrypted packets.
Vulnerability
The vulnerability resides in the firmware of the Lenovo Ultraslim USB dongle (USB ID 17ef:6032), which does not enforce incrementing of AES counters for each transmitted packet [1][2]. This allows the same keystream to be reused across packets. The affected devices include Lenovo Ultraslim Wireless, Lenovo Liteon SK-8861, and Silver Silk keyboards, as well as Liteon ZTM600 and Ultraslim Wireless mice that use this dongle [1].
Exploitation
An attacker must be within wireless range of the dongle to sniff a single legitimate encrypted packet from the keyboard. Because the AES counter is static, the captured ciphertext can be combined with a known plaintext to recover the keystream, or the packet can be directly replayed with a different keystroke value [1]. The attacker then transmits the forged packet to the dongle, which accepts it as valid, injecting the keystroke into the host system [2].
Impact
Successful exploitation enables an attacker to inject arbitrary keystrokes into the victim's system without knowledge of the encryption key. This can be leveraged to execute commands, install malware, or exfiltrate data, effectively gaining full control at the user's privilege level [1][2].
Mitigation
Lenovo has released a firmware update that enforces proper AES counter incrementing for the affected dongle [1]. Users should immediately update the dongle firmware through Lenovo's support resources. As a temporary workaround, disconnecting the wireless dongle and using a wired keyboard and mouse eliminates the attack surface [1].
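The counter enforcement described above comes down to the receiver refusing any packet whose counter is not strictly greater than the last one it accepted. That check is shown here as an added example, not Lenovo's firmware code; the 32-bit counter width, the `rx_state` structure and the function names are assumptions, since the page does not describe the packet format:

```c
#include <stdbool.h>
#include <stdint.h>

/* Hypothetical per-paired-device receiver state (names and the 32-bit
 * counter width are assumptions; the page does not give the packet format). */
typedef struct {
    bool     have_counter;   /* false until the first packet after pairing */
    uint32_t last_counter;   /* highest counter accepted so far */
} rx_state;

typedef enum {
    RX_ACCEPT = 0,
    RX_REJECT_REPLAY,      /* counter equal to or lower than last accepted */
    RX_REJECT_INVALID,     /* payload failed the receiver's validity check */
    RX_REJECT_EXHAUSTED    /* counter space used up: re-pair for a new key */
} rx_verdict;

/* Called at pairing time, when a fresh key is established. */
void rx_reset(rx_state *s) { s->have_counter = false; s->last_counter = 0; }

/* Decide whether a received packet may be turned into a keystroke.
 * counter:    the counter value the packet was encrypted under
 * payload_ok: result of the receiver's own decryption/validity check
 * Gaps are allowed (lost radio packets), going backwards is not.
 * State only advances on acceptance, so rejected packets leave it untouched. */
rx_verdict rx_check(rx_state *s, uint32_t counter, bool payload_ok)
{
    if (s->have_counter && s->last_counter == UINT32_MAX)
        return RX_REJECT_EXHAUSTED;   /* never wrap back onto used values */
    if (s->have_counter && counter <= s->last_counter)
        return RX_REJECT_REPLAY;      /* keystream for this counter was used */
    if (!payload_ok)
        return RX_REJECT_INVALID;
    s->have_counter = true;
    s->last_counter = counter;
    return RX_ACCEPT;
}
```

Because the last accepted counter must survive power cycles for the check to hold, real firmware would keep it in non-volatile storage or re-key on every power-up.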
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products (2)
Patches (0)
No patches discovered yet.
References (4)
- www.securityfocus.com/bid/92179 (nvd: Third Party Advisory, VDB Entry)
- github.com/BastilleResearch/keyjack/blob/master/doc/advisories/bastille-13.lenovo-ultraslim.public.txt (nvd: Third Party Advisory)
- support.lenovo.com/product_security/len_7267 (nvd: Vendor Advisory)
- www.bastille.net/research/vulnerabilities/keyjack (nvd: Third Party Advisory)