Researchers at the Synopsys Cybersecurity Research Center (CyRC) warn of three Android keyboard apps with cumulatively two million installs that are affected by multiple flaws (CVE-2022-45477, CVE-2022-45478, CVE-2022-45479, CVE-2022-45480, CVE-2022-45481, CVE-2022-45482, CVE-2022-45483) that can be exploited by attackers to compromise a mobile phone.
Keyboard and mouse apps connect to a server on a desktop or laptop computer and transmit mouse and keyboard events to a remote server.
These three Android apps (Lazy Mouse, PC Keyboard, and Telepad) are Keyboard apps available on the official Google Play Store and are used as remote keyboard and mouse.
CyRC experts warn of weak or missing authentication mechanisms, missing authorization, and insecure communication vulnerabilities in the three apps.
