Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • gnuhaut@lemmy.ml
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    Can you point to where it says that in the report? It actually says:

    an IME will commonly reach out over the network to a cloud-based service for suggestions if suitable suggestions are not available in the input method’s local database.

    So it doesn’t send “every key typed”.

    • Hawk@lemmy.dbzer0.com
      link
      fedilink
      English
      arrow-up
      0
      arrow-down
      1
      ·
      1 year ago

      Literally says in bold even:

      the keystrokes of Sogou Input Method users can be decrypted by a network eavesdropper, informing the eavesdropper of what users are typing as they type.

      AKA every keystroke