Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • hitmyspot
    1 year ago

    Lol, compared to an iPhone they are.

    I mean, if they are not, then what even is this article about. Your other comments to other users show you understand that and aren’t really discussing.

    • Whirlybird
      1 year ago

      I mean, if they are not, then what even is this article about.

      The same thing that can and likely does happen on iOS?

      • hitmyspot
        1 year ago

        According to the article, it may, but there is not a known exploit. There are vulnerabilities. Also in Windows, as in Android, there are known vulnerabilities.

        • Whirlybird
          1 year ago

          The article literally says that the same vulnerability was in iOS though, just that they couldn’t find a way to exploit it in the version they were using.

          Analyzing the Windows, Android, and iOS versions of the software, we discovered troubling vulnerabilities in Sogou Input Method’s custom-designed “EncryptWall” encryption system and in how it encrypts sensitive data.

          We found that network transmissions containing sensitive data such as those containing users’ keystrokes are decipherable by a network eavesdropper, revealing what users are typing as they type.

          We disclosed these vulnerabilities to Sogou developers, who released fixed versions of the affected software as of July 20, 2023 (Windows version 13.7, Android version 11.26, and iOS version 11.25).

          • hitmyspot
            1 year ago

            Yes, that the researchers don’t know an exploit doesn’t mean there isn’t one. It’s a similar system being used. It wouldn’t require a patch otherwise.

            The fact that you understood all that makes me think you’re not discussing this in good faith so I’ll leave it there.