In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.
The world ain’t just good or bad and there’s various degrees of “bad”. The fact that many US people can even talk about this stuff makes them already just ever so slightly better for many outsiders. This is how it is, neither country is “good” but they align more with western ideals than an authoritarian state which for many of us is bad by default…which it is of course. :)
The world ain’t just good or bad and there’s various degrees of “bad”. The fact that many US people can even talk about this stuff makes them already just ever so slightly better for many outsiders. This is how it is, neither country is “good” but they align more with western ideals than an authoritarian state which for many of us is bad by default…which it is of course. :)