all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping

Add to bookmarks
Aug. 9, 2023, 1:59 p.m. | Jeffrey Knockel

The Citizen Lab citizenlab.ca

In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified …

analysis android app app privacy and controls china chinese data eavesdropping encryption input ios keyboard language network popular privacy public report sensitive data serious sogou surveillance system tencent vulnerabilities vulnerability windows

Visit resource

More from citizenlab.ca / The Citizen Lab

敲敲打打:一系列雲端輸入法漏洞允許網路攻擊者監看輸入內容(摘要) 1 week, 4 days ago | citizenlab.ca
app privacy and controls
敲敲打打:一系列云端输入法漏洞使网络攻击者得以监看个人用户的输入内容(摘要) 1 week, 4 days ago | citizenlab.ca
android app privacy and controls ios windows
Chinese Keyboard App Vulnerabilities Explained 1 week, 4 days ago | citizenlab.ca
app app privacy and controls apps app vulnerabilities +14
The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers 1 week, 4 days ago | citizenlab.ca
analysis app privacy and controls apps baidu +19
Citizen Lab submission to the Congressional-Executive Commission on China about the State of Human Rights … 1 month ago | citizenlab.ca
china citizen lab congress executive +10
Citizen Lab submission to Office of the Privacy Commissioner of Canada on draft guidance for … 1 month, 2 weeks ago | citizenlab.ca
biometric biometric data biometrics call +17
PAPERWALL: Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content 2 months, 3 weeks ago | citizenlab.ca
america a network asia attacks +19
Confirming Large-Scale Pegasus Surveillance of Jordan-based Civil Society 3 months ago | citizenlab.ca
access access now analysis citizen lab +16
Job Opportunity: Communication Strategist 3 months, 2 weeks ago | citizenlab.ca
administration citizen lab communication communications +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

DevSecOps Engineer

@ Material Bank | Remote
View on infosec-jobs.com

Instrumentation & Control Engineer - Cyber Security

@ ASSYSTEM | Bridgwater, United Kingdom
View on infosec-jobs.com

Security Consultant

@ Tenable | MD - Columbia - Headquarters
View on infosec-jobs.com

Management Consultant - Cybersecurity - Internship

@ Wavestone | Hong Kong, Hong Kong
View on infosec-jobs.com

TRANSCOM IGC - Cybersecurity Engineer

@ IT Partners, Inc | St. Louis, Missouri, United States
View on infosec-jobs.com

Manager, Security Operations Engineering (EMEA)

@ GitLab | Remote, EMEA
View on infosec-jobs.com
View more jobs