Pricefield | Lemmy
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
@[email protected]MB to [email protected] • 2 years ago

[HN] “Please do not make it public” (Tencent’s Sogou Input Method)

citizenlab.ca

external-link
message-square
0
fedilink
  • cross-posted to:
  • [email protected]
  • [email protected]
2
external-link

[HN] “Please do not make it public” (Tencent’s Sogou Input Method)

citizenlab.ca

@[email protected]MB to [email protected] • 2 years ago
message-square
0
fedilink
  • cross-posted to:
  • [email protected]
  • [email protected]
“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping - The Citizen Lab
citizenlab.ca
external-link
In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.

[ comments | sourced from HackerNews ]

alert-triangle
You must log in or register to comment.

[email protected]

[email protected]
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: [email protected]

Aggregated tech news.

  • 1 user / day
  • 1 user / week
  • 1 user / month
  • 1 user / 6 months
  • 1 subscriber
  • 15.6K Posts
  • 6.84K Comments
  • Modlog
  • mods:
  • @[email protected]
  • @[email protected]
  • UI: 0.18.4
  • BE: 0.18.2
  • Modlog
  • Instances
  • Docs
  • Code
  • join-lemmy.org