Lemmy.one
  • Communities
  • Create Post
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
haxor@derp.fooMB to Hacker News@derp.fooEnglish · 2 years ago

“Please do not make it public” (Tencent’s Sogou Input Method)

citizenlab.ca

external-link
message-square
0
fedilink
  • cross-posted to:
  • netsec@links.hackliberty.org
  • prepper@lemm.ee
  • technology@lemmy.world
  • technews@radiation.party
2
external-link

“Please do not make it public” (Tencent’s Sogou Input Method)

citizenlab.ca

haxor@derp.fooMB to Hacker News@derp.fooEnglish · 2 years ago
message-square
0
fedilink
  • cross-posted to:
  • netsec@links.hackliberty.org
  • prepper@lemm.ee
  • technology@lemmy.world
  • technews@radiation.party
“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping - The Citizen Lab
citizenlab.ca
external-link
In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.

There is a discussion on Hacker News, but feel free to comment here as well.

alert-triangle
You must log in or # to comment.

Hacker News@derp.foo

hackernews@derp.foo

Subscribe from Remote Instance

You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !hackernews@derp.foo
lock
Community locked: only moderators can create posts. You can still comment on posts.

This community serves to share top posts on Hacker News with the wider fediverse.

Rules
  1. Keep it legal
  2. Keep it civil and SFW
  3. Keep it safe for members of marginalised groups
Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 1 user / day
  • 1 user / week
  • 1 user / month
  • 1 user / 6 months
  • 46 local subscribers
  • 3.93K subscribers
  • 18.6K Posts
  • 10.8K Comments
  • Modlog
  • mods:
  • haxor@derp.foo
  • BE: 0.19.7
  • Modlog
  • Legal
  • Instances
  • Docs
  • Code
  • join-lemmy.org