A recent investigation by Citizen Lab uncovered critical security vulnerabilities across popular Chinese keyboard apps that could potentially impact billions of users. The bugs were identified in cloud-based Pinyin keyboard apps and allow malicious attackers to hack into devices and user accounts by intercepting user data sent between the device and the cloud.
This study focused on analyzing pre-installed apps from major vendors such as Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi. Shockingly, eight out of nine vendors were found to have critical vulnerabilities, leaving user data exposed to interception by passive network eavesdroppers.
Huawei was the only company that came out unscathed in a security audit conducted by Citizen Lab.
The implications of these findings are profound. Such bugs could affect hundreds of millions of users, especially given the widespread popularity of Honor, OPPO, and Xiaomi smartphones in China and its neighboring countries.
The nature of these bugs allowed attackers to intercept users' keystrokes in transit, compromising sensitive information ranging from text messages to financial details.
The crux of the problem lies in how the input data is transmitted over the Internet. Unlike keyboards for Latin-based alphabets, the Pinyin keyboards used by the majority of users in mainland China send data to a remote server for predictive text functionality. This reliance on cloud-based functionality exposes what users type to surveillance, so a vulnerable app effectively acts as a keylogger.
Citizen Lab immediately notified all affected vendors of the vulnerability, but Honor was the only one that failed to address the issue by the specified deadline.
Most service providers have since patched the bug, and researchers are advising users to update their apps and operating systems to improve security.
Additionally, to reduce future risks to privacy and sensitive data, users are being encouraged to move from cloud-based keyboard apps to keyboard apps that run entirely on their devices.
These findings highlight the importance of robust security measures in mobile applications, especially widely used keyboard applications that handle large amounts of personal data.
As cyber threats continue to evolve, proactive steps must be taken to protect user privacy and guard against potential exploitation by malicious actors.
(Information provided by agency)