AirKeyboard iOS App Vulnerable to Remote Input Injection: CVE-2025-66555 Allows Unauthenticated Control

Overview

This article details a critical security vulnerability, CVE-2025-66555, discovered in version 1.0.5 of the AirKeyboard iOS application. This vulnerability allows an unauthenticated attacker to inject arbitrary keystrokes directly into a victim’s iOS device in real-time, without any user interaction. This effectively grants the attacker full remote input control over the device.

Technical Details

CVE-2025-66555 stems from a missing authentication mechanism in the AirKeyboard app. The application, intended to allow users to control their computer via their iOS device, fails to properly authenticate incoming connections. This lack of authentication allows any attacker on the same network, or potentially even over the internet if the device is exposed, to send keyboard inputs to the targeted iOS device. The application’s socket listening for keystrokes doesn’t require any form of validation, enabling the keystroke injection.

CVSS Analysis

(Note: At the time of writing, the CVSS score for CVE-2025-66555 is N/A. This is often the case with newly discovered vulnerabilities. However, due to the severity of the potential impact, this vulnerability would likely receive a critical CVSS score once analyzed.)

Given the complete lack of authentication and the potential for full remote control, a hypothetical CVSS score would likely be in the Critical range (9.0-10.0). Key factors contributing to this score include:

• Attack Vector: Network
• Attack Complexity: Low
• Privileges Required: None
• User Interaction: None
• Scope: Changed
• Confidentiality Impact: High
• Integrity Impact: High
• Availability Impact: High

Possible Impact

The impact of this vulnerability is severe. An attacker could:

• Read sensitive information displayed on the screen (e.g., emails, messages, financial data).
• Send emails or messages on behalf of the user.
• Install malicious applications.
• Access banking applications and perform unauthorized transactions.
• Modify device settings.
• Essentially take complete control of the device.

Mitigation and Patch Steps

Until a patch is released by the AirKeyboard developers, users are strongly advised to take the following precautions:

• Uninstall the AirKeyboard application: This is the most effective way to prevent exploitation.
• Monitor network traffic: Unusual network activity from the iOS device could be a sign of compromise.
• Avoid using AirKeyboard on untrusted networks: Public Wi-Fi networks are particularly risky.

For Developers: The AirKeyboard developers should immediately address this vulnerability by implementing robust authentication mechanisms to prevent unauthorized access. This should include:

• Requiring a strong password or PIN for connections.
• Implementing encryption for all communication between the iOS device and the computer.
• Using mutual authentication to verify the identity of both devices.

References

• AirKeyboard App: airkeyboardapp.com
• AirKeyboard on the App Store: apps.apple.com/us/app/air-keyboard/id6463187929
• Exploit Database Entry: www.exploit-db.com/exploits/52333
• VulnCheck Advisory: www.vulncheck.com/advisories/airkeyboard-ios-app-105-remote-input-injection