Seven dangerous vulnerabilities were discovered in three Android applications that allow you to use your smartphone as a wireless keyboard or mouse. We are talking about applications Lazy Mouse, PC Keyboard and Telepad, which in total have more than 2 million downloads on Google Play.
The security holes were discovered back in August of this year by researchers from Synopsys, who unsuccessfully tried to contact the developers. However, after several unsuccessful attempts, the researchers simply published a report in which they spoke in detail about each of the vulnerabilities discovered:
- CVE-2022-45477 (9.8 out of 10 on the CVSS scale) is a vulnerability in Telepad that allows a remote unauthorized user to send instructions to the server to execute arbitrary code;
- CVE-2022-45478 (CVSS score 5.1 out of 10) is a vulnerability in Telepad that allows an attacker to perform a Man in the Middle attack (MITM) and get all keystrokes in plain text;
- CVE-2022-45479 (9.8 out of 10 on the CVSS scale) is a vulnerability in PC Keyboard that allows a remote unauthorized user to send instructions to the server to execute arbitrary code;
- CVE-2022-45480 (CVSS score 5.1 out of 10) is a vulnerability in PC Keyboard that allows an attacker to carry out a Man-in-the-Middle (MITM) attack and obtain all keystrokes in plain text;
- CVE-2022-45481 (CVSS score 9.8 out of 10) - No need to set a password in the standard Lazy Mouse configuration, which allows hackers to execute malicious code without authorization;
- CVE-2022-45482 (9.8 out of 10 on the CVSS scale) - a vulnerability in the Lazy Mouse server that makes it easy to carry out brute force attacks;
- CVE-2022-45483 (CVSS score 5.1 out of 10) is a vulnerability in Lazy Mouse that allows an attacker to perform a Man-in-the-Middle (MITM) attack and retrieve all keystrokes in plain text.
It is worth noting that none of the reviewed applications have received updates for more than two years, so experts recommend that users remove these applications as soon as possible.
Comments 0