Jump to content
Sign in to follow this  
steven36

Intel: Our Remote Keyboard app has a critical bug; delete it now!

Recommended Posts

steven36

The app, available for iOS and Android, allows an attacker to inject keystrokes.

 

https://s7d6.turboimg.net/sp/8ab2325fc95107b77e8faad81e027bb6/72645.jpg

 

  • Three critical security flaws in the Intel Remote Keyboard application can allow an attacker to inject keystrokes and execute code on a connected machine.
  • Intel has opted to discontinue the app instead of updating it, and users are directed to uninstall it right away. Alternative apps are available for both iOS and Android, and affected machines can still be connected to with wireless keyboards and mice.

 

A critical flaw in the Intel Remote Keyboard app for iOS and Android has led to the decision by Intel to discontinue the app, and the company advises all users to uninstall it as soon as possible.

 

Used in conjunction with Intel Next Unit of Computing (NUC) mini PCs and flashdrive-sized Intel Compute Stick, the Intel Remote Keyboard allowed users to control the small-form machines from a smartphone.

 

The security advisory from Intel cites three separate CVEs affecting the app, and instead of issuing fixes for the bugs Intel has pulled it completely. An Intel spokesperson told Threatpost that the app was scheduled for discontinuation and its happening now was unrelated to the flaws.

 

NUC and Compute Stick users who rely on the Intel Remote Keyboard are out of luck for now—there is no word from Intel on the release of a new version, and as of this writing the app has been pulled from both the Apple App Store and Google Play.

The Remote Keyboard app allows users to connect to the NUC or Compute Stick using the Wi-Fi Direct protocol, which allows peer-to-peer connections between compatible devices. Wi-Fi Direct has had security issues in the past, though there's nothing to indicate Intel's flaw is due to the protocol instead of the Remote Keyboard app.

An escalation of privilege attack both remote and local

The three flaws mentioned by Intel paint a bleak picture of the Remote Keyboard's security.

 

CVE-2018-3641 allows a network attacker to inject keystrokes as a local user, CVE-2018-3645 allows a local attacker to inject keystrokes into another remote keyboard session, and CVE-2018-3638 allows an authorized local attacker to execute arbitrary code as a privileged user. The vulnerabilities were rated (out of 10) a 9.0, 8.0, and 7.2, respectively, on the CVE risk scale.

 

 

The three flaws affect all versions of the Intel Remote Keyboard, which may explain why Intel has decided to discontinue it instead of issuing a fix—the bug may be deep enough in the app's code that trying to fix it would necessitate a redesign.

 

With the Intel Remote Keyboard app officially dead, NUC and Compute Stick users will have to make do with a wireless keyboard and mouse or another remote keyboard application, of which there are several for both iOS and Android available in their respective app stores.

 

Source

Share this post


Link to post
Share on other sites
WALLONN7

Look at Intel opening the gates on another platform... :snack:

Intel, you little bastard!!! :whistle:

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...