Jeffrey, Mona, and co-author Zoë Reichert first raised the alarm about possible surveillance with their 2023 report, which revealed how #Sogou's encryption could be exploited to decrypt what people were typing in real time. #DefCon32
Full report here: https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
Stellt euch vor, #Threema hätte ihr Update der Verschlüsselung nicht ausrollen dürfen oder #Sogou nicht auf TLS upgraden dürfen 🥶
Welche Horrorszenarien fallen euch sonst noch ein?
https://www.heise.de/news/Britische-Regierung-strebt-Befugnis-zur-Blockade-von-Sicherheitsupdates-an-9285877.html
Security researchers at Citizen Lab discovered a number of cryptographic vulnerabilities in the Sogou Input Method keyboard software made by Tencent, the most popular input method in China. These vulnerabilities allow adversaries with a privileged network position (such as an ISP or anyone with...
“Five days after Tencent (Shenzhen) admits to the IME vulnerability, the Chinese person (in Shenzhen) who originally publicized it suddenly gets dragged in by the cops and forced offline.”
“NONE of them could read English to see my account does not even make China look bad, it was all Baidu fucking translate and demands why I was talking about Signal and the keyboard”
“ @signalapp cannot stop…#Sogou from recording keystrokes” https://assemblag.es/@hugo/110902332690849610
good read, if you too were wondering what happened to the amazing @RealSexyCyborg. https://www.hackingbutlegal.com/p/naomi-wu-and-the-silence-that-speaks-volumes
"“Please do not make it public”
Vulnerabilities in #Sogou #Keyboard #encryption expose #keypresses to network #eavesdropping by #citizenlab
https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/
In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
The vulnerabilities in EncryptWall allow network eavesdroppers to extract the text content and access sensitive data.
A Chinese language input app called Sogou Input Method, which is widely used on Windows and Android devices, has been discovered to have serious security flaws that could potentially expose users&#…
Après les présentateurs télé et même un juge virtuel, le moteur de recherche chinois Sogou va proposer des avatars d’auteurs de romans pour les livres audio, en partenariat avec Zhangyue Technology.
The Citizen Lab
Marcel Waldvogel
Benjamin Carr, Ph.D. 👨🏻💻🧬
skry
Matt Willemsen
🐦🔥nemo™🐦⬛ 🇺🇦🍉
Freemind
mandarinportal.com
SecurityLab
Gregori Fabre