Watch Out! These Android Keyboard Apps With 2 Million Installs Can Be Hacked Remotely


Dec 02, 2022 | Ravie Lakshmanan | Mobile Security / Vulnerability

A number of unpatched vulnerabilities have been found in three Android apps that enable a smartphone to be used as a remote keyboard and mouse.

The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store. Telepad is not available through the app marketplace but can be downloaded from its website.

  • Lazy Mouse (com.ahmedaay.lazymouse2 and com.ahmedaay.lazymousepro)
  • PC Keyboard (com.beapps.pckeyboard)
  • Telepad (com.pinchtools.telepad)

While these apps work by connecting to a server on a desktop and transmitting the mouse and keyboard events to it, the Synopsys Cybersecurity Research Center (CyRC) found as many as seven flaws related to weak or missing authentication, missing authorization, and insecure communication.

The issues (from CVE-2022-45477 through CVE-2022-45483), in a nutshell, could be exploited by a malicious actor to execute arbitrary commands without authentication or harvest sensitive information by exposing users' keystrokes in cleartext.

The Lazy Mouse server further suffers from a weak password policy and doesn't implement rate limiting, enabling remote unauthenticated attackers to trivially brute-force the PIN and execute rogue commands.

It's worth noting that none of the apps have received any updates for over two years, making it imperative that users remove the apps with immediate effect.
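The two controls reported missing from the Lazy Mouse server, a PIN policy and rate limiting, look like this on the server side. This is an added example, not code from the article, Synopsys or any of the apps; the class name `PinGate`, the policy constants and the sample values in the comments are assumptions.

```python
import hmac
import time

MIN_PIN_LENGTH = 8    # assumed policy; the article does not state a required length
MAX_FAILURES = 5      # failed attempts allowed before a client is locked out
BASE_LOCKOUT = 30.0   # seconds; doubles on every further lockout of the same client


class PinGate:
    """Checks a PIN for a remote-control server with per-client lockout (hypothetical)."""

    def __init__(self, pin, clock=time.monotonic):
        # Password policy: refuse to start with a PIN that is too short.
        if len(pin) < MIN_PIN_LENGTH:
            raise ValueError("PIN shorter than the policy minimum")
        self._pin = pin.encode()
        self._clock = clock          # injectable so the lockout can be tested
        self._state = {}             # client -> [failures, lockouts, locked_until]

    def check(self, client, candidate):
        """Return 'ok', 'denied' or 'locked' for one attempt from `client`."""
        now = self._clock()
        st = self._state.setdefault(client, [0, 0, 0.0])
        if now < st[2]:
            return "locked"          # refused without comparing the PIN at all
        # Constant-time comparison avoids leaking how many characters matched.
        if hmac.compare_digest(candidate.encode(), self._pin):
            del self._state[client]  # success clears the failure history
            return "ok"
        st[0] += 1
        if st[0] >= MAX_FAILURES:
            st[0] = 0
            st[1] += 1
            st[2] = now + BASE_LOCKOUT * 2 ** (st[1] - 1)
        return "denied"
```

State here is keyed per client address only; a server exposed to a whole network would also want a global cap on failed attempts.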

“These three applications are extensively used but they’re neither maintained nor supported, and evidently, security was not an element when these applications were developed,” Synopsys security researcher Mohammed Alshehri said.



Source: https://thehackernews.com/2022/12/watch-out-these-android-keyboard-apps.html
