|Photo by: Hans via Pixabay|
Intel has decided to discontinue its Remote Keyboard app for Android and iOS because it has a critical bug that allows an attacker to inject keystrokes when the keyboard is in use.
The company’s latest security advisory reads that there are three separate Common Vulnerabilities and Exposures that have affected its app. However, instead of fixing the bugs, the company has recommended its users to uninstall it completely.
CVE-2018-3641 is one of the flaws mentioned by Intel. This flaw allows a network attacker to inject the keystrokes as a local user. The second flaw, CVE-2018-3645, enables the local attacker to inject keystrokes to another remote keyboard that is in session and the CVE-2018-3638 flaw permits an authorized local attacker to carry out an arbitrary code as the privileged user.
The app was created to allow users to wirelessly control their mini-PC platform called Next Unit of Computing and with Intel’s Compute Stick. NUCs are of the same function and size to the Raspberry Pi systems. It has gaming, entertainment features, and productivity features, such as a customizable board that accepts the memory storage and OS that a user wants. On the other hand, Compute Sticks are similar in size to a large flash drive and is a single-board computer designed to be used in media center applications.
“Intel has issued a Product Discontinuation notice for Intel Remote Keyboard and recommends that uses of the Intel Remote Keyboard uninstall it at their earliest convenience,” the company claims.