![]() “The WiFi Mouse mobile app scans for and connects to hosts with TCP port 1978 open. That lack of authentication opens the door to a potential rogue user to exploit the open data port used by WiFi Mouse, Le Roux said. #Running mobile mouse server as service android#The researcher said the application doesn’t properly prompt mobile app users to enter a password or a PIN number in order to pair an Android mobile device running WiFi Mouse with the accompanying WiFi Mouse desktop server software. “I believe this may be an oversight on the part of the developer.” “The password/PIN option in the Windows Desktop app does not prevent remote control of a target running the software,” Le Roux told Threatpost. The vulnerability, according to the developer, is tied to poor password and PIN security required by the Windows desktop application. According to the developer’s Google Play marketplace description of WiFi Mouse, the application has been downloaded over 100,000 times. Unclear is whether other versions of the WiFi Mouse desktop software, compatible with Mac, Debian and RPM, are also impacted.Īccording to Le Roux’s research, the unpatched bug does not impact the Android mobile phone’s running the WiFi Mouse application. The only version tested by Le Roux was the Windows 1.7.8.5 version of WiFi Mouse software running on Windows (Enterprise Build 17763) system.ĭespite multiple attempts to contact the app developer Necta, the company has not responded to either the researcher’s inquiries or Threatpost’s request for comment. WiFi Mouse, published by Necta, is available on Google Play and via Apple’s App Store marketplace under the publisher name Shimeng Wang. #Running mobile mouse server as service full#The flaw allows an adversary, sharing the same Wi-Fi network, to gain full access to the Windows PC via a communications port opened by the software. Impacted is the Android app’s accompanying WiFi Mouse “server software” that is needed to be installed on a Windows system and allows the mobile app to control a desktop’s mouse movements. The mobile application called WiFi Mouse, which allows users to control mouse movements on a PC or Mac with a smartphone or tablet, has an unpatched bug allowing adversaries to hijack desktop computers, according to researcher Christopher Le Roux who found the flaw. Wireless mouse-utility lacks proper authentication and opens Windows systems to attack. Unpatched Bug in WiFi Mouse App Opens PCs to Attack ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |