Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk
- С сайта: Vulnerability(cybersecuritynews.com)
- Вернуться к списку новостей
Major Security Flaw in Popular Keyboard Apps Puts Millions at Risk
Author: Guru BaranResearchers have uncovered critical security vulnerabilities in several widely used keyboard apps, including those from major tech giants Samsung, OPPO, Vivo, and Xiaomi.
These flaws could allow network eavesdroppers to intercept and decipher every keystroke a user makes, exposing sensitive personal and financial information.
The Citizen Lab’s comprehensive study focused on the security of cloud-based pinyin keyboard apps from nine different vendors.
The analysis included popular brands such as Baidu, Honor, Huawei, iFlytek, OPPO, Samsung, Tencent, Vivo, and Xiaomi.
Researchers meticulously examined how these apps transmit users’ keystrokes and searched for any vulnerabilities that could be exploited.
The findings were alarming: eight of the nine vendors had apps vulnerable to interception.
Keystrokes Capture
This means that an attacker could potentially capture everything a user types, including passwords, credit card numbers, private messages, and more, with relatively minimal effort.
The only vendor whose keyboard app was found without such vulnerabilities was Huawei.
According to The Citizen Lab, the vulnerabilities discovered could affect up to one billion users worldwide, given the popularity of the affected keyboard apps.
Vendor App Name Vulnerability Description Potential Impact User Base Affected SamsungSamsung KeyboardUnencrypted data transmissionExposure of all keystrokesHundreds of millionsOPPOOPPO KeyboardWeak encryption methodsEasy interception of typed dataTens of millionsVivoVivo KeyboardNo encryption in certain scenariosDirect access to keystrokesTens of millionsXiaomiXiaomi KeyboardInconsistent encryptionPeriodic exposure of keystrokesHundreds of millionsBaiduBaidu KeyboardUnencrypted data transmissionComplete access to typed informationHundreds of millionsHonorHonor KeyboardWeak encryption methodsPotential decryption of sensitive dataTens of millionsiFlytekiFlytek KeyboardNo encryption for specific data typesExposure of passwords and private messagesMillionsTencentTencent KeyboardInadequate security protocolsInterceptable personal and financial dataHundreds of millionsHuaweiHuawei Keyboard No vulnerabilities found N/AN/A
The ease with which these vulnerabilities can be exploited makes it a significant concern, mainly since keyboard apps are used for entering some of the most sensitive information on a device.
The report also highlighted that this is not an isolated issue. Previous analyses have shown similar vulnerabilities in other Chinese apps, and there have been instances where such weaknesses were exploited by intelligence agencies, including those from the Five Eyes alliance.
The vulnerabilities primarily involve the improper or unsecured transmission of keystroke data to cloud servers.
This data transmission, ideally encrypted, appears to be either poorly implemented or completely unencrypted in the cases mentioned, allowing anyone with the right tools and access to the network to intercept the data easily.
In light of these findings, The Citizen Lab has urged all affected companies to address these security flaws promptly.
Users of the implicated keyboard apps are advised to update their apps as soon as patches are available. In the meantime, switching to alternative keyboard apps that prioritize security might be wise.
The report has already prompted responses from several of the companies involved. Samsung, OPPO, Vivo, and Xiaomi have all acknowledged the issue and have announced that they are working on updates to fix the vulnerabilities.
The companies except Baidu, Vivo, and Xiaomi responded to our disclosures,” Citizenlab said.
Looking to Safeguard Your Company from Advanced Cyber Threats? DeployTrustNetto Your Radar ASAP .
#Cyber_Security #Cyber_Security_News #Vulnerability #cyber_security #cyber_security_news #vulnerability
Оригинальная версия на сайте: