Intel Remote Keyboard App Discontinued Rather Than Fixing Critical Vulnerabilities

Intel has decided to discontinue the Remote Keyboard app for good instead of developing patches for critical vulnerabilities. Intel’s Remote Keyboard app for Android came under the hammer after security researchers identified three different exploits of critical nature.

About Intel Remote Keyboard App

Intel Remote Keyboard App will allow users to wirelessly control their Intel devices.  The app is totally free to enable you to easily use your smartphone or tablet as a keyboard and mouse, improving your HTPC or entertainment experience.

Researchers informed the Intel about the critical flaws found in App and the company announced about the discontinuation of the app:

“Intel has issued a Product Discontinuation notice for Intel Remote Keyboard and recommends that users of the Intel Remote Keyboard uninstall it at their earliest convenience.”

Identified Critical Flaws Are:

  • CVE-2018-3638: Allows an authorised local attacker become a privileged user and execute arbitrary code.
  • CVE-2018-3641: Permits network attacker to inject the machine with keystrokes by appearing as a local user.
  • CVE-2018-3645: Allows local attacker hijack another remote keyboard session by injecting keystrokes.

According to HackRead blog post, The flaws would lead to providing escalation of privilege to an attacker at both local and remote level. On the CVE risk scale, out of ten, the flaws have been rated as 9.0, 8.0 and 7.2 respectively. All versions of Remote Keyboard app are affected by the flaws, which mean the bug is deeply embedded in the app’s code.

The reason behind abandoning fixes for some older hardware families is that repairs are impractical, or not widely supported. As per the Intel representative, the app was already scheduled for discontinuation and the decision was taken before the discovery of flaws. Finally, Intel has decided to give up on remote keyboard app and removed this app from Google Play Store and iPhone App Store.