Intel Remote Keyboard Vulnerabilities (nuc) - Intel on a roll with both hardware and software.

[Vince]

So following the intel meltdown, spectre, ME and subsequent vulnerabilities it appears that further issues have been brought forward this time in some intel software. Below is a quote from the article on spiceworks I got this from:

The Intel Remote Keyboard app, introduced in June 2015, allows Android and iOS users to control their NUC and Compute Stick devices with their smartphone or tablet using the peer-to-peer network protocol Wi-Fi Direct.

On Tuesday, Intel warned of a critical escalation of privilege vulnerability (CVE-2018-3641) in all versions of the Intel Remote Keyboard that allows a network attacker to inject keystrokes as if they were a local user. The vulnerability received a Common Vulnerabilities and Exposure (CVE) score of 9.0 out of 10.

As part of the same advisory, Intel shared two additional Remote Keyboard vulnerabilities, both rated high. The bugs (CVE-2018-3645 and CVE-2018-3638) allow an “authorized local attacker to execute arbitrary code as a privileged user” and had CVE scores of 8.8 and 7.2, according to Intel.

And Intels response this time is not to fix the issue but to simply discontinue the product:

In lieu of patches, Intel said it was discontinuing the product. According to the security bulletin, Intel said it “has issued a product discontinuation notice for Intel Remote Keyboard and recommends that users of the Intel Remote Keyboard uninstall it at their earliest convenience.”

So do you use the software? Whats your thoughts? Do Intel need to get a grip on their software and get their house in order?

I have no real opinion on this one particular issue but have hardware affected by previous issues. I have always said that intel can't do software is this just another example of that?

What say you OCUK?

 

[Rroff]

Same criticism I've had in the past as to why I think it unlikely they can do a successful gaming GPU - their approach to a product especially software wise is too rigid without the right kind of mentality towards ongoing support needed - as seen here they'd rather just discontinue the product.

It does little to allay my concerns about AMT, etc.

 

[Vince]

Same criticism I've had in the past as to why I think it unlikely they can do a successful gaming GPU - their approach to a product especially software wise is too rigid without the right kind of mentality towards ongoing support needed - as seen here they'd rather just discontinue the product.

It does little to allay my concerns about AMT, etc.

My thoughts exactly - In itself this is relatively minor, a software exploit, so not the end of the world. I was thinking the same I just don't believe that they have the mentality to make good software. I guess time will tell on the GPU front but it will be really interesting to watch that is for sure.