Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • Whirlybird
    1 year ago

    The article literally says that the same vulnerability was in iOS though, just that they couldn’t find a way to exploit it in the version they were using.

    Analyzing the Windows, Android, and iOS versions of the software, we discovered troubling vulnerabilities in Sogou Input Method’s custom-designed “EncryptWall” encryption system and in how it encrypts sensitive data.

    We found that network transmissions containing sensitive data such as those containing users’ keystrokes are decipherable by a network eavesdropper, revealing what users are typing as they type.

    We disclosed these vulnerabilities to Sogou developers, who released fixed versions of the affected software as of July 20, 2023 (Windows version 13.7, Android version 11.26, and iOS version 11.25).

    • hitmyspot
      1 year ago

      Yes, that the researchers don’t know an exploit doesn’t mean there isn’t one. It’s a similar system being used. It wouldn’t require a patch otherwise.

      The fact that you understood all that makes me think you’re not discussing this in good faith so I’ll leave it there.