Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • hitmyspot
    link
    fedilink
    English
    arrow-up
    28
    ·
    1 year ago

    All aspects of android (pretty much) are customisable. It’s not the os that is the problem, but the developers who program on all this telemetry.

    There keyboards on android are much more useful than what’s available on iOS. There is a similar issue with launchers. They, by their nature, need more access to other apps and more permissions. In most cases, that means more features, but meta and Microsoft have launchers too…

    I use android and iOS. I find both good but the customisable nature of android is what drove me away from iOS.

    • Whirlybird
      link
      fedilink
      English
      arrow-up
      1
      arrow-down
      1
      ·
      1 year ago

      All aspects of android (pretty much) are customisable.

      Not to the average user they’re not, especially not on Google’s own Pixel line.

      • hitmyspot
        link
        fedilink
        English
        arrow-up
        1
        ·
        1 year ago

        Lol, compared to an iPhone they are.

        I mean, if they are not, then what even is this article about. Your other comments to other users shows you understand that and aren’t really discussing.

        • Whirlybird
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          I mean, if they are not, then what even is this article about.

          The same thing that can and likely does happen on iOS?

          • hitmyspot
            link
            fedilink
            English
            arrow-up
            1
            ·
            1 year ago

            According to the article, it may, but there is not a known exploit. There are vulnerabilities. Also in windows, as android, there are known vulnerabilities.

            • Whirlybird
              link
              fedilink
              English
              arrow-up
              1
              ·
              edit-2
              1 year ago

              The article literally says that the same vulnerabitlity was in iOS though, just that they couldn’t find a way to exploit it in the version they were using.

              Analyzing the Windows, Android, and iOS versions of the software, we discovered troubling vulnerabilities in Sogou Input Method’s custom-designed “EncryptWall” encryption system and in how it encrypts sensitive data.

              We found that network transmissions containing sensitive data such as those containing users’ keystrokes are decipherable by a network eavesdropper, revealing what users are typing as they type.

              We disclosed these vulnerabilities to Sogou developers, who released fixed versions of the affected software as of July 20, 2023 (Windows version 13.7, Android version 11.26, and iOS version 11.25).

              • hitmyspot
                link
                fedilink
                English
                arrow-up
                1
                arrow-down
                1
                ·
                1 year ago

                Yes, that the researchers don’t know an exploit doesn’t mean there isn’t one. It’s a similar system being used. It wouldn’t require a patch otherwise.

                The fact that you understood all that makes me think you’re not discussing this in good faith so I’ll leave it there.