Jump directly to the content
TAP TERROR

Major warning for 2million Android owners – someone may be watching everything you type

DANGEROUS Android bugs could let hackers keep a record of everything you type, cyber-experts warn.

Three apps are said to be affected, with a combined total of more than two million downloads.

Be careful when downloading apps that haven't been updated in a while – they may have unfixed security flaws
1
Be careful when downloading apps that haven't been updated in a while – they may have unfixed security flawsCredit: Google

All three are keyboard and mouse apps that let you control a desktop or laptop computer using your Android phone.

The apps transmit your mouse and keyboard inputs to a server to do this.

Cyber-experts at Synopsys say the apps themselves are legitimate and not scams – but reportedly contain dangerous security holes that could let hackers spy on you.

"An exploit of the authentication and authorization vulnerabilities could allow remote unauthenticated attackers to execute arbitrary commands," said Synopsys' Mohammed Alshehri, a security researcher who discovered the issue.

Read More on The Sun

"Similarly, an exploit of the insecure communication vulnerability exposes the user’s keystrokes, including sensitive information such as usernames and passwords."

The actual apps and versions affected are as follows:

  • Telepad versions 1.0.7 and prior
  • PC Keyboard versions 30 and prior
  • Lazy Mouse versions 2.0.1 and prior

If you have any of these apps installed, it may be worth uninstalling them as soon as possible.

Here is a simple guide on how to delete Android apps.

The exploits could allow hackers to read everything you're typing.

But it could also let them execute code on your computer, potentially seizing control of your device.

It's currently unclear if any hackers have exploited the bug.

The Synopsys Cybersecurity Research Center (CyRC) team reportedly disclosed the flaws to app makers on August 13 this year, and claims to have followed up several times.

But ultimately the issue remains unfixed.

"The CyRC reached out to the developers multiple times but has not received a response within the 90 day timeline dictated by our responsible disclosure policy.

"These three applications are widely used but they are neither maintained nor supported, and evidently, security was not a factor when these applications were developed."

Read more on Android

Now cyber-experts have published details of the bug in hopes of warning Android phone owners.

Consider using an alternative mouse and keyboard app for now: choose one with lots of downloads and positive reviews on the Google Play store that is regularly updated.

Best Phone and Gadget tips and hacks

Looking for tips and hacks for your phone? Want to find those secret features within social media apps? We have you covered...

Get all the latest WhatsApp, Instagram, Facebook and other tech gadget stories here.



We pay for your stories! Do you have a story for The Sun Online Tech & Science team? Email us at [email protected]


Topics