Security Vulnerabilities Compromise Keystrokes of More Than 1 Billion Users of Chinese Keyboard App

Published:

spot_img

Security Vulnerabilities in Cloud-Based Pinyin Keyboard Apps Expose Users’ Keystrokes

A recent report from the Citizen Lab has uncovered security vulnerabilities in cloud-based pinyin keyboard apps that could potentially expose users’ keystrokes to malicious actors. The findings highlight weaknesses in eight out of nine apps from major vendors like Baidu, Honor, Samsung, and Xiaomi, with Huawei being the only exception.

According to researchers Jeffrey Knockel, Mona Wang, and Zoë Reichert, these vulnerabilities could allow attackers to intercept and reveal the contents of users’ keystrokes as they are being transmitted. This puts nearly one billion users at risk, with popular Input Method Editors (IMEs) from Sogou, Baidu, and iFlytek being among the most affected.

Some of the identified issues include the vulnerability of Tencent QQ Pinyin to a CBC padding oracle attack, network eavesdroppers decrypting texts on Baidu IME, and insufficient encryption on iFlytek IME transmissions. Additionally, Samsung Keyboard on Android was found to transmit data via plain, unencrypted HTTP, while brands like Xiaomi, OPPO, Vivo, and Honor were also flagged for their susceptibility to similar flaws due to preinstalled keyboard apps.

While most developers have addressed these vulnerabilities following responsible disclosure, users are advised to keep their apps updated and consider using on-device keyboard apps to enhance their privacy. The report also calls for app developers to adopt standardized encryption protocols and for app store operators to facilitate security updates without geographical restrictions.

The researchers also raised concerns about the potential for mass surveillance by exploiting these vulnerabilities, highlighting the need for increased security measures to safeguard users’ sensitive data. As the cybersecurity landscape continues to evolve, it is crucial for both users and developers to prioritize data protection and encryption protocols to mitigate such risks.

spot_img

Related articles

Recent articles

Dehradun Police Crack ₹10 Lakh Burglary Case After Suspect Posts Stolen Diamonds on Social Media

Dehradun Police Crack ₹10 Lakh Burglary Case After Suspect Posts Stolen Diamonds on Social Media The Dehradun District Police have made significant strides in resolving...

Chilean President Strengthens Economic Ties with UAE’s Al Zeyoudi Amid Growing Trade Partnership

Chilean President Strengthens Economic Ties with UAE's Al Zeyoudi Amid Growing Trade Partnership In a significant diplomatic engagement, José Antonio Kast, President of Chile, welcomed...

GovTech Innovation Forum & Awards 2026 Advances UAE’s Digital Transformation Through Recognition of Pioneering Leaders

GovTech Innovation Forum & Awards 2026 Advances UAE's Digital Transformation Through Recognition of Pioneering Leaders The GovTech Innovation Forum & Awards 2026, held at The...

In Other News: Canadian Hacker Jailed, 14 Million Affected by KDDI Data Breach, Two Sentenced for ATM Jackpotting

In Other News: Canadian Hacker Jailed, 14 Million Affected by KDDI Data Breach, Two Sentenced for ATM Jackpotting In recent cybersecurity developments, significant incidents have...