Intel Remote Keyboard app

Intel has decided that instead of fixing three security bugs affecting the Intel Remote Keyboard Android app, it would be easier to discontinue the application altogether.

The company announced its decision on Tuesday, following the discovery of three security bugs that affect all versions of the Intel Remote Keyboard.

This is an Android application that Intel launched in 2015 to allow users to wirelessly control Intel NUC and Intel Compute Stick single-board computers.

The bugs, discovered by three different researchers, when exploited, allow a nearby network attacker to inject keystrokes into remote keyboard sessions, and also execute malicious code on the user's Android device.

Two of the bugs have received a severity score of "high," but one of the issues was classified as "critical."

CVE Severity Description
CVE-2018-3641 9.0 (Critical) Escalation of privilege in all versions of the Intel Remote Keyboard allows a network attacker to inject keystrokes as a local user.
CVE-2018-3645 8.8 (High) Escalation of privilege in all versions of the Intel Remote Keyboard allows a local attacker to inject keystrokes into another remote keyboard session.
CVE-2018-3638 7.2 (High) Escalation of privilege in all versions of the Intel Remote Keyboard allows an authorized local attacker to execute arbitrary code as a privileged user.

"Intel has issued a Product Discontinuation notice for Intel Remote Keyboard and recommends that users of the Intel Remote Keyboard uninstall it at their earliest convenience," the company said in a security advisory.

The Intel Remote Keyboard app had over 500,000 installations and an average rating of 3.8 out of 5.0, according to a cached version of its now-defunct official Google Play Store page. The app received its last update last June.

Related Articles:

Fortnite Android App Vulnerable to Man-in-the-Disk Attacks

Researchers Detail New CPU Side-Channel Attack Named SpectreRSB

New Spectre 1.1 and Spectre 1.2 CPU Flaws Disclosed

Western Digital Releases Hotfix for My Cloud Auth Bypass Vulnerability

0Day Windows JET Database Vulnerability disclosed by Zero Day Initiative