Zoë Reichert
Articles
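"Please do not make it public": Vulnerabilities in the encryption of Sogou Pinyin Input Method (Sogou Keyboard) expose keypresses to the risk of network eavesdropping
We analyzed Tencent's Sogou Pinyin Input Method, which has more than 450 million monthly active users and is the most popular Chinese input method in China.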
“Please do not make it public”: Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping
In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and in how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that addressed all of the issues we disclosed.