Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.

  • Hawk@lemmy.dbzer0.com
    link
    fedilink
    English
    arrow-up
    5
    arrow-down
    3
    ·
    1 year ago

    Literally says in bold even:

    the keystrokes of Sogou Input Method users can be decrypted by a network eavesdropper, informing the eavesdropper of what users are typing as they type.

    AKA every keystroke

    • gnuhaut
      link
      fedilink
      English
      arrow-up
      2
      arrow-down
      3
      ·
      1 year ago

      I assume they mean “if suitable suggestions are not available in the input method’s local database”. Like you start typing a word, and when it doesn’t find any match locally, it goes to the server. After that, any additional keystroke gets reported to the server “as they type”.