Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

Intel: Our Remote Keyboard app has a critical bug; delete it now!

steven36

By steven36
in Security & Privacy News

Recommended Posts

steven36

steven36

Posted
Posted

The app, available for iOS and Android, allows an attacker to inject keystrokes.

 

https://s7d6.turboimg.net/sp/8ab2325fc95107b77e8faad81e027bb6/72645.jpg

 

  • Three critical security flaws in the Intel Remote Keyboard application can allow an attacker to inject keystrokes and execute code on a connected machine.
  • Intel has opted to discontinue the app instead of updating it, and users are directed to uninstall it right away. Alternative apps are available for both iOS and Android, and affected machines can still be connected to with wireless keyboards and mice.

 

A critical flaw in the Intel Remote Keyboard app for iOS and Android has led to the decision by Intel to discontinue the app, and the company advises all users to uninstall it as soon as possible.

 

Used in conjunction with Intel Next Unit of Computing (NUC) mini PCs and flashdrive-sized Intel Compute Stick, the Intel Remote Keyboard allowed users to control the small-form machines from a smartphone.

 

The security advisory from Intel cites three separate CVEs affecting the app, and instead of issuing fixes for the bugs Intel has pulled it completely. An Intel spokesperson told Threatpost that the app was scheduled for discontinuation and its happening now was unrelated to the flaws.

 

NUC and Compute Stick users who rely on the Intel Remote Keyboard are out of luck for now—there is no word from Intel on the release of a new version, and as of this writing the app has been pulled from both the Apple App Store and Google Play.

The Remote Keyboard app allows users to connect to the NUC or Compute Stick using the Wi-Fi Direct protocol, which allows peer-to-peer connections between compatible devices. Wi-Fi Direct has had security issues in the past, though there's nothing to indicate Intel's flaw is due to the protocol instead of the Remote Keyboard app.

An escalation of privilege attack both remote and local

The three flaws mentioned by Intel paint a bleak picture of the Remote Keyboard's security.

 

CVE-2018-3641 allows a network attacker to inject keystrokes as a local user, CVE-2018-3645 allows a local attacker to inject keystrokes into another remote keyboard session, and CVE-2018-3638 allows an authorized local attacker to execute arbitrary code as a privileged user. The vulnerabilities were rated (out of 10) a 9.0, 8.0, and 7.2, respectively, on the CVE risk scale.

 

 

The three flaws affect all versions of the Intel Remote Keyboard, which may explain why Intel has decided to discontinue it instead of issuing a fix—the bug may be deep enough in the app's code that trying to fix it would necessitate a redesign.

 

With the Intel Remote Keyboard app officially dead, NUC and Compute Stick users will have to make do with a wireless keyboard and mouse or another remote keyboard application, of which there are several for both iOS and Android available in their respective app stores.

 

Source

Link to comment
Share on other sites
  • Replies 1
  • Views 618
  • Created
  • Last Reply

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...