Quote:The mobile application called WiFi Mouse, which allows users to control mouse movements on a PC or Mac with a smartphone or tablet, has an unpatched bug allowing adversaries to hijack desktop computers, according to researcher Christopher Le Roux who found the flaw.
 
Impacted is the Android app’s accompanying WiFi Mouse “server software” that is needed to be installed on a Windows system and allows the mobile app to control a desktop’s mouse movements. The flaw allows an adversary, sharing the same Wi-Fi network, to gain full access to the Windows PC via a communications port opened by the software.
 
WiFi Mouse, published by Necta, is available on Google Play and via Apple’s App Store marketplace under the publisher name Shimeng Wang. The only version tested by Le Roux was the Windows 1.7.8.5 version of WiFi Mouse software running on Windows (Enterprise Build 17763) system.

Despite multiple attempts to contact the app developer Necta, the company has not responded to either the researcher’s inquiries or Threatpost’s request for comment. Unclear is whether other versions of the WiFi Mouse desktop software, compatible with Mac, Debian and RPM, are also impacted.

According to Le Roux’s research, the unpatched bug does not impact the Android mobile phone’s running the WiFi Mouse application. According to the developer’s Google Play marketplace description of WiFi Mouse, the application has been downloaded over 100,000 times.