Researchers discovered remote code execution flaws in numerous Android remote keyboard apps. The flaws put the security of more than 2 million Android users at risk.
Android Remote Keyboard Apps Vulnerabilities
A recent report by the Synopsys Cybersecurity Research Center (CyRC) revealed numerous security flaws in several Android remote keyboard apps. The vulnerable apps also included remote mouse apps.
The apps are Lazy Mouse, Telepad, and PC Keyboard. They allow an Android device to be used as a remote keyboard or mouse. CyRC identified the following vulnerabilities in the apps.
- CVE-202-25477 (CVSS 9.8): This vulnerability in the Telepad app allows code execution on the target server.
- CVE-202-25479 (CVSS 8.8): This critical flaw affects the keyboard app and allows remote users to run commands on the target system.
- CVE-202-25481 (CVSS 9.8): This code execution flaw in Lazy Mouse allowed remote users to gain access. The default configuration did not have a password requirement.
- CVE-2022-45482 (CVSS 9.8): Weak password and rate-limiting protections in Lazy Mouse allowed remote attackers to bypass the security measures and run arbitrary commands.
Researchers also observed that all three apps exposed data in transit between the device and the server. Telepad (CVE-2022-45478, CVSS 5.1.1), PC Keyboard (CVE-2022-45448, CVSS 5.1.1) and Lazy Mouse (CVE-2022-45483, CVSS 5.1) all transmitted sensitive data in cleartext.
No patch is available for any of the three apps
These vulnerabilities were found in Telepad version 1.0.7 and earlier, PC Keyboard version 30 and prior, and Lazy Mouse version 2.0.1 and before. The researchers explained to us that they had not heard back from the developers despite numerous attempts.
The apps do not appear to be maintained, which could make it difficult for users to access them. To avoid any potential dangers, the researchers urge users to remove these apps from all their devices.