Android phone users have been hit by yet another worrying warning that could leave personal details in the hands of hackers. Security experts at Synopsys Cybersecurity Research Center (CyRC) have discovered three popular applications that appear to have a serious flaw which could allow online crooks to gain full access to vital data such as user names and passwords.
The apps, which are all available via the Google Play Store, have been downloaded over two million times which is why this latest news is so serious.
All of the software included in the warning offers the ability to transform Android phones into remote keyboards or a mouse for PCs. It’s that handy functionally which is why the applications have proven to be so popular.
However, CyRC says its research has uncovered weak or missing authentication mechanisms and insecure communication vulnerabilities in all three of the apps. This means they could be easy to exploit with hackers then able to use the apps to eavesdrop on keystrokes and see exactly what people are inputting, such as passwords, on their PCs.
It’s a pretty scary flaw and here is the full list of apps affected
• Telepad versions 1.0.7 and prior
• PC Keyboard versions 30 and prior
• Lazy Mouse versions 2.0.1 and prior
Although the developers don’t appear to have meant to have released anything malicious the applications remain vulnerable even though they have been warned about the problems.
CyRC has confirmed that it has reached out to the creators of the apps multiple times but has not received a response.
It appears that all three of the applications remain widely used but they are neither maintained nor supported, and evidently, security was not a factor when these applications were developed.
If you think you have them on your Android phone and are worried but the lack of security, CyRC is recommending you remove them immediately.
Speaking about the threat, Synopsys Cybersecurity Research Center (CyRC) said: “We have exposed multiple vulnerabilities in three applications that enable an Android device to be used as a remote keyboard and mouse for their computers.
“Lazy Mouse, Telepad, and PC Keyboard are keyboard and mouse applications that connect to a server on a desktop or laptop computer and transmit mouse and keyboard events to the server. The free and paid versions of these three apps have a combined total of more than two million downloads from Google Play.
“The CyRC recommends removing the applications immediately.”