Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • Whirlybird
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    I mean, if they are not, then what even is this article about.

    The same thing that can and likely does happen on iOS?

    • hitmyspot
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      According to the article, it may, but there is not a known exploit. There are vulnerabilities. Also in windows, as android, there are known vulnerabilities.

      • Whirlybird
        link
        fedilink
        English
        arrow-up
        1
        ·
        edit-2
        1 year ago

        The article literally says that the same vulnerabitlity was in iOS though, just that they couldn’t find a way to exploit it in the version they were using.

        Analyzing the Windows, Android, and iOS versions of the software, we discovered troubling vulnerabilities in Sogou Input Method’s custom-designed “EncryptWall” encryption system and in how it encrypts sensitive data.

        We found that network transmissions containing sensitive data such as those containing users’ keystrokes are decipherable by a network eavesdropper, revealing what users are typing as they type.

        We disclosed these vulnerabilities to Sogou developers, who released fixed versions of the affected software as of July 20, 2023 (Windows version 13.7, Android version 11.26, and iOS version 11.25).

        • hitmyspot
          link
          fedilink
          English
          arrow-up
          1
          arrow-down
          1
          ·
          1 year ago

          Yes, that the researchers don’t know an exploit doesn’t mean there isn’t one. It’s a similar system being used. It wouldn’t require a patch otherwise.

          The fact that you understood all that makes me think you’re not discussing this in good faith so I’ll leave it there.