Intel Remote Keyboard app

Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether.

The company announced its decision on Tuesday, following the discovery of three security bugs that affect all versions of the Intel Remote Keyboard.

This is an Android application that Intel launched in 2015 to allow users to wirelessly control Intel NUC and Intel Compute Stick single-board computers.

The bugs, discovered by three different researchers, when exploited, allow a nearby network attacker to inject keystrokes into remote keyboard sessions, and also execute malicious code on the user's Android device.

Two of the bugs have received a severity score of "high," but one of the issues was classified as "critical."

CVE Severity Description
CVE-2018-3641 9.0 (Critical) Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user.
CVE-2018-3645 8.8 (High) Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.
CVE-2018-3638 7.2 (High) Escalation of privilege in all versions of the Intel Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user.

"Intel has issued a Product Discontinuation notice for Intel Remote Keyboard and recommends that users of the Intel Remote Keyboard uninstall it at their earliest convenience," the company said in a security advisory.

The Intel Remote Keyboard app had over 500,000 installations and an average rating of 3.8 out of 5.0, according to a cached version of its now-defunct official Google Play Store page. The app received its last update last June.

Related Articles:

Intel SPI Flash Flaw Lets Attackers Alter or Delete BIOS/UEFI Firmware

Microsoft Partners with Intel to Deliver CPU Microcode Fixes via Windows Updates

Drupal Fixes Drupalgeddon2 Security Flaw That Allows Hackers to Take Over Sites

Google Enables Safe Browsing Support in Android's WebView Browser

LinkedIn Fixes AutoFill Button That Allowed Rogue Harvesting of User Data