Multiple unpatched vulnerabilities have been discovered in three Android apps that allow a smartphone to be used as a remote keyboard and mouse.
The apps in question are Lazy Mouse, PC Keyboard, and Telepad, which have been cumulatively downloaded over two million times from the Google Play Store. Telepad is no longer available through the app marketplace but can be downloaded from its website.
- Lazy Mouse (com.ahmedaay.lazymouse2 and com.ahmedaay.lazymousepro)
- PC Keyboard (com.beapps.pckeyboard)
- Telepad (com.pinchtools.telepad)
While these apps function by connecting to a server on a desktop and transmitting to it the mouse and keyboard events, the Synopsys Cybersecurity Research Centre (CyRC) found as many as seven flaws related to weak or missing authentication, missing authorization, and insecure communication.
images from Hacker News