Flaws in Chinese keyboard apps leave 750 million users open to snooping, researchers claim

April 26, 2024 at 01:46AM

Many Chinese keyboard apps, including those from major handset manufacturers, have been found to be leaking keystrokes, leaving potentially three quarters of a billion people at risk. These apps are input method editors (IMEs), most popularly based on the Pinyin scheme, and some of them upload keystrokes to the cloud for processing. Vulnerabilities have been identified in apps from several companies, and despite some promises to fix the issues, concerns remain because of difficulties in updating software. Citizen Lab estimates that around 780 million people are at risk of smartphone surveillance. The research suggests actions to improve smartphone security and urges users to update their Pinyin apps as soon as possible.

The key takeaways are as follows:

– Many Chinese keyboard apps, including those from major handset manufacturers, may leak keystrokes, leaving potentially three quarters of a billion people at risk, according to research from the University of Toronto’s Citizen Lab.
– The apps use Input Method Editor (IME) software, with the most popular using the Pinyin scheme to represent the sounds of Mandarin using the Latin alphabet.
– Some Pinyin apps upload keystrokes to the cloud for processing, exposing users’ input to potential interception.
– Several major companies, including Baidu, Samsung, Xiaomi, OPPO, Honor, and iFlytek, have been found to have vulnerabilities in their Pinyin apps, allowing for interception of keystrokes by eavesdroppers.
– The majority of companies responded to the disclosures made by Citizen Lab, with varying levels of success in addressing the identified issues.

In conclusion, the report highlights the severe vulnerabilities present in widely used keyboard apps in China, affecting a significant portion of the population. It also suggests that there are potential actions that could be taken across the smartphone ecosystem to address these vulnerabilities, but emphasizes the immediate need for users to update their Pinyin apps as a practical precaution.