Cloud Keyboards Vulnerable to Keystroke Interception, Used by Billions of Users

Experts at Citizen Lab have discovered multiple vulnerabilities in cloud-based Pinyin keyboard applications. The researchers warned that these issues could be exploited to intercept keystrokes, posing a threat to approximately one billion users in total.

Researchers reported finding vulnerabilities in eight out of nine studied applications from manufacturers like Baidu, Honor, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The only manufacturer whose application did not have any issues was Huawei.

According to experts, the identified bugs can be used for “revealing keystrokes in transmission.” Collectively, this class of vulnerabilities affects around one billion users worldwide: vulnerable IMEs (Input Method Editors) from Sogou, Baidu, and iFlytek account for 95% of the market for keyboards designed to help users input Chinese characters quickly and easily.

Successful exploitation of bugs in such applications lets a purely passive network observer decrypt keystrokes, without sending any additional network traffic. IME keyboards often incorporate cloud functions to enhance their functionality, because predicting which characters a user is likely to input next is challenging, especially in logographic languages like Chinese.

The investigation by Citizen Lab builds on findings from previous research, where serious cryptographic flaws were identified in Tencent’s Sogou Pinyin Method application in August of last year. This application boasts over 455 million active users across Windows, Android, and iOS platforms.

Now, Citizen Lab details that popular Pinyin keyboards are exposed to the following bugs:

  • Tencent QQ Pinyin is vulnerable to a CBC padding oracle attack, which could lead to the recovery of typed text;
  • Baidu IME allows third parties to decrypt network communications and extract typed text on Windows due to a flaw in the BAIDUv3.1 encryption protocol;
  • iFlytek IME for Android enables third parties to recover text through inadequately encrypted network communications;
  • Samsung Keyboard on Android transmits key presses over plain, unencrypted HTTP;
  • on Xiaomi devices, Baidu, iFlytek, and Sogou keyboards are pre-installed, exposing them to the aforementioned issues;
  • on OPPO devices, Baidu and Sogou keyboard applications are pre-installed, also susceptible to the mentioned shortcomings;
  • Vivo comes with a pre-installed vulnerable Sogou IME;
  • and on Honor devices, a vulnerable Baidu IME is pre-installed.

Citizen Lab suggests that Chinese application developers are less likely to use Western cryptographic standards due to concerns about potential backdoors, which leads them to develop their own ciphers and, in doing so, introduce vulnerabilities.

After researchers notified keyboard developers of the identified issues, most have fixed the bugs. Only experts at Honor and Tencent are still working on patches.

“Given the scale of these vulnerabilities, the sensitivity of what users typically type on their devices, and the ease with which these vulnerabilities could be discovered, along with the fact that the Five Eyes alliance previously used similar vulnerabilities for surveillance in Chinese applications, it is quite possible that user keystrokes were subjected to mass monitoring,” conclude the specialists.
