Great Moto G Stylus deal on Amazon!

Keyboard apps used by one billion users found to have a flaw that exposes keystrokes

By
3comments
Keyboard apps used by one billion users found to have a flaw that exposes keystrokes
Research laboratory Citizen Lab has discovered a vulnerability in popularly used keyboard apps that it estimates affected an alarming number of users.

The flaw was found in keyboard apps used for inputting Chinese characters using the pinyin writing system. The researchers analyzed apps from nine vendors - Baidu, Honor, Huawei, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. The devices that were examined were sold in China. 

It was found that Samsung Keyboard didn't perform encryption of any kind and most others did not use asymmetric cryptography.

Since creating keyboards that allow users to type Chinese characters quickly and easily is something of a challenge, many of these apps, including the ones that the researchers analyzed, offer cloud-based prediction. The inclusion of this feature means that whatever is typed is sent to servers elsewhere. 

Out of all the pinyin keyboard apps Citizen Lab analyzed, all except Huawei's were found to have vulnerabilities that could be exploited to reveal what a user was typing. The flaw essentially turns cloud-based keyboards into keyloggers.

The vulnerabilities can be exploited by a passive network eavesdropper without any interference to the communication channel, making them difficult to detect.

Flaws like these which let you read what someone types on their device can be of interest to various actors including government intelligence agencies. The researchers fear that they may have not been the first to discover the vulnerabilities and they may have been exploited for surveillance purposes.

The researchers believe that up to a billion users may have been affected by this and another similar vulnerability. The vulnerabilities were reported to all the vendors and most of them have fixed them.

The report notes that neither Apple's nor Google's keyboard apps transmit keystrokes to cloud servers.

If you don't want anyone finding out what you type on your phone, it's recommended that you stick to on-device keyboards and keep your apps and operating systems up to date.
https://m-cdn.phonearena.com/images/users/270-200/Anam.jpg
Anam Hamid Mobile Tech News and Deals Journalist
Anam Hamid is a computer scientist turned tech journalist who has a keen interest in the tech world, with a particular focus on smartphones and tablets. She has previously written for Android Headlines and has also been a ghostwriter for several tech and car publications. Anam is not a tech hoarder and believes in using her gadgets for as long as possible. She is concerned about smartphone addiction and its impact on future generations, but she also appreciates the convenience that phones have brought into our lives. Anam is excited about technological advancements like folding screens and under-display sensors, and she often wonders about the future of technology. She values the overall experience of a device more than its individual specs and admires companies that deliver durable, high-quality products. In her free time, Anam enjoys reading, scrolling through Reddit and Instagram, and occasionally refreshing her programming skills through tutorials.

Featured Stories

Weekly deals under $100: Awesome Apple AirPods 2, Galaxy Watch 4 Classic and more exciting offers
Weekly deals under $100: Awesome Apple AirPods 2, Galaxy Watch 4 Classic and more exciting offers
Why TikTok is never leaving the US, and how the Chinese app changed the world forever
Why TikTok is never leaving the US, and how the Chinese app changed the world forever
Samsung reportedly signs deal to supply Apple with foldable displays
Samsung reportedly signs deal to supply Apple with foldable displays
Sorry, world! Samsung’s first-ever leather phone is for China - even if nobody in China cares!
Sorry, world! Samsung’s first-ever leather phone is for China - even if nobody in China cares!
Loading Comments...

Popular stories

T-Mobile customers can breathe a sigh of (temporary) relief as unwelcome change delayed
T-Mobile customers can breathe a sigh of (temporary) relief as unwelcome change delayed
The surreal 512GB Motorola Edge+ (2023) is on sale at a significant discount and includes free top-tier earbuds
The surreal 512GB Motorola Edge+ (2023) is on sale at a significant discount and includes free top-tier earbuds
AT&T, T-Mobile, and Verizon fined for lying about their unlimited data plans
AT&T, T-Mobile, and Verizon fined for lying about their unlimited data plans
US Cellular to be acquired by T-Mobile and Verizon (report)
US Cellular to be acquired by T-Mobile and Verizon (report)
The highly-anticipated Motorola Razr Plus (2024) leaks in new live images
The highly-anticipated Motorola Razr Plus (2024) leaks in new live images
Get an unlocked top-of-the-line Pixel 8 Pro for way less than usual at Best Buy
Get an unlocked top-of-the-line Pixel 8 Pro for way less than usual at Best Buy

Latest News

At 50% off, the premium JBL Tour PRO+ earbuds are a real bargain for all sound lovers on a budget
At 50% off, the premium JBL Tour PRO+ earbuds are a real bargain for all sound lovers on a budget
Why TikTok is never leaving the US, and how the Chinese app changed the world forever
Why TikTok is never leaving the US, and how the Chinese app changed the world forever
The noise-canceling Soundcore Space A40 are a true budget delight after a gorgeous 41% discount on Amazon
The noise-canceling Soundcore Space A40 are a true budget delight after a gorgeous 41% discount on Amazon
Assassin's Creed Mirage launching for iOS devices in June
Assassin's Creed Mirage launching for iOS devices in June
Google Messages tests editing of sent messages
Google Messages tests editing of sent messages
Xiaomi Mix Flip to have fastest charging speed among clamshell foldables
Xiaomi Mix Flip to have fastest charging speed among clamshell foldables
FCC OKs Cingular\'s purchase of AT&T Wireless