Almost Every Chinese Keyboard App Has a Security Flaw That Reveals What Users Type
These apps help users type Chinese characters more efficiently and are ubiquitous on devices used by Chinese people. The four most popular apps — built by major internet companies like Baidu, Tencent, and iFlytek — basically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China. What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found.
In August 2023, the same researchers found that Sogou, one of the most popular keyboard apps, did not use Transport Layer Security (TLS) when transmitting keystroke data to its cloud server for better typing predictions. Without TLS, a widely adopted international cryptographic protocol that protects users from a known encryption loophole, keystrokes can be collected and then decrypted by third parties. Even though Sogou fixed the issue after it was made public last year, some Sogou keyboards preinstalled on phones are not updated to the latest version, so they are still subject to eavesdropping. […] After the researchers got in contact with companies that developed these keyboard apps, the majority of the loopholes were fixed. But a few companies have been unresponsive, and the vulnerability still exists in some apps and phones, including QQ Pinyin and Baidu, as well as in any keyboard app that hasn’t been updated to the latest version.
Read more of this story at Slashdot.
News for nerds, stuff that matters
Source : https://it.slashdot.org/story/24/04/24/2337208/almost-every-chinese-keyboard-app-has-a-security-flaw-that-reveals-what-users-type?utm_source=rss1.0mainlinkanon&utm_medium=feed