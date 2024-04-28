Great Moto G Stylus deal on Amazon!

Keyboard apps used by one billion users found to have a flaw that exposes keystrokes

By
1comment
Samsung Xiaomi honor Oppo
Keyboard apps used by one billion users found to have a flaw that exposes keystrokes
Research laboratory Citizen Lab has discovered a vulnerability in popularly used keyboard apps that it estimates affected an alarming number of users.

The flaw was found in keyboard apps used for inputting Chinese characters using the pinyin writing system. The researchers analyzed apps from nine vendors - Baidu, Honor, Huawei, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The devices that were examined were sold in China. 

It was found that Samsung Keyboard didn't perform encryption of any kind and most others did not use asymmetric cryptography.

Since creating keyboards that allow users to type Chinese characters quickly and easily is something of a challenge, many of these apps, including the ones that the researchers analyzed, offer cloud-based prediction. The inclusion of this feature means that whatever is typed is sent to servers elsewhere. 

Out of all the pinyin keyboard apps Citizen Lab analyzed, all except Huawei's were found to have vulnerabilities that could be exploited to reveal what a user was typing. The flaw essentially turns cloud-based keyboards into keyloggers.

The vulnerabilities can be exploited by a passive network eavesdropper without any interference to the communication channel, making them difficult to detect.

Flaws like these which let you read what someone types on their device can be of interest to various actors including government intelligence agencies. The researchers fear that they may have not been the first to discover the vulnerabilities and they may have been exploited for surveillance purposes.

Recommended Stories
The researchers believe that up to a billion users may have been affected by this and another similar vulnerability. The vulnerabilities were reported to all the vendors and most of them have fixed them.

The report notes that neither Apple's nor Google's keyboard apps transmit keystrokes to cloud servers.

If you don't want anyone finding out what you type on your phone, it's recommended that you stick to on-device keyboards and keep your apps and operating systems up to date.
https://m-cdn.phonearena.com/images/users/270-200/Anam.jpg
Anam Hamid Mobile Tech News and Deals Journalist
Anam Hamid is a computer scientist turned tech journalist who has a keen interest in the tech world, with a particular focus on smartphones and tablets. She has previously written for Android Headlines and has also been a ghostwriter for several tech and car publications. Anam is not a tech hoarder and believes in using her gadgets for as long as possible. She is concerned about smartphone addiction and its impact on future generations, but she also appreciates the convenience that phones have brought into our lives. Anam is excited about technological advancements like folding screens and under-display sensors, and she often wonders about the future of technology. She values the overall experience of a device more than its individual specs and admires companies that deliver durable, high-quality products. In her free time, Anam enjoys reading, scrolling through Reddit and Instagram, and occasionally refreshing her programming skills through tutorials.

Recommended Stories

Loading Comments...

Popular stories

Next time you contact T-Mobile, you'll probably be assisted by an employee with 'superpowers'
Next time you contact T-Mobile, you'll probably be assisted by an employee with 'superpowers'
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Verizon customers need to be on red alert as a phishing campaign aims to steal their money
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
Samsung's killer Galaxy Watch 6 Classic trade-in deal comes just in time for Mother's Day
T-Mobile is now going to dictate where you can use its 5G internet
T-Mobile is now going to dictate where you can use its 5G internet
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?
Why in the world would I pay top dollar for the Galaxy S24 Ultra if it gets left behind by Samsung?
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)
Apple signals the imminent release of the iPad Air (2024) and iPad Pro (2024)

Latest News

HTC could launch another mid-range smartphone this summer
HTC could launch another mid-range smartphone this summer
Major leak reveals images, video, release date of Apple's new Beats Solo Buds and Beats Solo 4
Major leak reveals images, video, release date of Apple's new Beats Solo Buds and Beats Solo 4
OnePlus Nord 4 and Nord CE4 Lite key specs leaked
OnePlus Nord 4 and Nord CE4 Lite key specs leaked
Apple removes three apps from App Store that claimed in ads they could create AI porn
Apple removes three apps from App Store that claimed in ads they could create AI porn
Samsung Internet Browser Beta app adds useful new features
Samsung Internet Browser Beta app adds useful new features
Three-judge panel says cops can force you to unlock your phone using your fingerprint or face
Three-judge panel says cops can force you to unlock your phone using your fingerprint or face
FCC OKs Cingular\'s purchase of AT&T Wireless