“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping | allinfosecnews.com

Aug. 9, 2023, 1:59 p.m. | Jeffrey Knockel

The Citizen Lab citizenlab.ca

In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified …

analysis android app app privacy and controls china chinese data eavesdropping encryption input ios keyboard language network popular privacy public report sensitive data serious sogou surveillance system tencent vulnerabilities vulnerability windows

More from citizenlab.ca / The Citizen Lab

敲敲打打：一系列雲端輸入法漏洞允許網路攻擊者監看輸入內容（摘要） 3 weeks, 4 days ago | citizenlab.ca

app privacy and controls

敲敲打打：一系列云端输入法漏洞使网络攻击者得以监看个人用户的输入内容（摘要） 3 weeks, 4 days ago | citizenlab.ca

android app privacy and controls ios windows

Chinese Keyboard App Vulnerabilities Explained 3 weeks, 4 days ago | citizenlab.ca

app app privacy and controls apps app vulnerabilities +14

The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers 3 weeks, 4 days ago | citizenlab.ca

analysis app privacy and controls apps baidu +19

Citizen Lab submission to the Congressional-Executive Commission on China about the State of Human Rights … 1 month, 2 weeks ago | citizenlab.ca

china citizen lab congress executive +10

Citizen Lab submission to Office of the Privacy Commissioner of Canada on draft guidance for … 1 month, 4 weeks ago | citizenlab.ca

biometric biometric data biometrics call +17

PAPERWALL: Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content 3 months, 1 week ago | citizenlab.ca

america a network asia attacks +19

Confirming Large-Scale Pegasus Surveillance of Jordan-based Civil Society 3 months, 2 weeks ago | citizenlab.ca

access access now analysis citizen lab +16

Job Opportunity: Communication Strategist 4 months ago | citizenlab.ca

administration citizen lab communication communications +19

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Senior - Penetration Tester

@ Deloitte | Madrid, España

View on infosec-jobs.com

Associate Cyber Incident Responder

@ Highmark Health | PA, Working at Home - Pennsylvania

View on infosec-jobs.com

Senior Insider Threat Analyst

@ IT Concepts Inc. | Woodlawn, Maryland, United States

View on infosec-jobs.com