Intel Remote Keyboard app nixed after discovery of critical remote control vulnerability

Intel logo building

Intel has issued a security advisory about its remote keyboard app after discovering a bug that made it possible for a remote user to mimic keyboard and mouse input with elevated privileges.

Intel Remote Keyboard was available for both iOS and Android, but the critical vulnerability -- and two other bugs with a High rating -- means that it has now been pulled from Google Play and the App Store. Intel is also recommending that anyone using the app uninstalls it as soon as possible.

See also:

It seems that Intel has decided that -- despite what it refers to as a "coordinated disclosure" with the people who made the discoveries -- it makes more sense to simply pull the apps rather than issuing a patch. The company has issued a Product Discontinuation notice for the app and says it "recommends that users of the Intel Remote Keyboard uninstall it at their earliest convenience."

Intel says that all versions of Intel Remote Keyboard are affected, and this perhaps explains the decision to kill it rather than fixing it. In its security advisory, the company explains the three bugs that were discovered:

  • CVE-2018-3641: Escalation of privilege in all versions of the Intel® Remote Keyboard allows a network attacker to inject keystrokes as a local user.
  • CVE-2018-3645: Escalation of privilege in all versions of the Intel® Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.
  • CVE-2018-3638: Escalation of privilege in all versions of the Intel® Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user.

If you've been relying on the app to control any device, now is the time to find another solution -- particularly now news of the exploits are out in the wild.

Image credit: Ken Wolter/Shutterstock

© 1998-2018 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.