The Synopsys Cybersecurity Research Center (CyRC) is warning of multiple vulnerabilities found in three applications that allow Android users to use their device as a keyboard and mouse.
The Google Play store offers Lazy Mouse, Telepad, and PC Keyboard in both free and paid versions, and they have collectively received more than two million downloads. By connecting to a server running on a computer and sending keyboard and mouse events to it, the applications operate.
Also Read: Tips to Strengthen the Open Source Application Security
A series of missing authorization, weak authentication, and insecure communication flaws were found by CyRC in these applications, and the company warns that an unauthenticated attacker could take advantage of them to execute code remotely or record keystrokes, which could reveal private data like usernames and passwords.
Read More: Vulnerabilities in Popular Keyboard and Mouse Android Apps Expose User Data