DarkMahesvara on Nostr: "We analyzed Sogou Input Method on three operating system platforms, finding that the ...
"We analyzed Sogou Input Method on three operating system platforms, finding that the app has troubling vulnerabilities in its custom-designed encryption system which render sensitive data such as the keystrokes that users type decipherable to network eavesdroppers. "
[...]
"Our difficulties receiving Tencent’s email response to our disclosure highlight unexpected challenges in disclosing vulnerabilities to companies in certain jurisdictions. After disclosing the vulnerabilities to Tencent, we measured that our email domain (citizenlab(.)ca) is blocked in China"
https://web.archive.org/web/20230810090627/https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/>cloud keyboard (because too many moonrunes)
>homebrew encryption
>communication difficulties because of great firewall
Published at
2023-08-11 16:10:20Event JSON
{
"id": "18e7f4918cd3541c73edfe05ebe54cc0c2225061e52063b0b96281527ab01dfc",
"pubkey": "ba6988992ab9a4a3855d4a3f1c4e754af01bc1d3a31d378553270b5b0896eebb",
"created_at": 1691763020,
"kind": 1,
"tags": [
[
"emoji",
"doge_laugh",
"https://varishangout.net/emoji/Doge/doge_laugh.png"
],
[
"proxy",
"https://varishangout.net/objects/74332248-4743-44c5-80bd-efb48e723ce0",
"activitypub"
]
],
"content": "\"We analyzed Sogou Input Method on three operating system platforms, finding that the app has troubling vulnerabilities in its custom-designed encryption system which render sensitive data such as the keystrokes that users type decipherable to network eavesdroppers. \"\n[...]\n\"Our difficulties receiving Tencent’s email response to our disclosure highlight unexpected challenges in disclosing vulnerabilities to companies in certain jurisdictions. After disclosing the vulnerabilities to Tencent, we measured that our email domain (citizenlab(.)ca) is blocked in China\"\n\nhttps://web.archive.org/web/20230810090627/https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/\n\n\u003ecloud keyboard (because too many moonrunes)\n\u003ehomebrew encryption\n\u003ecommunication difficulties because of great firewall\n:doge_laugh:",
"sig": "16def81f1e460d180737e9c7148935e01b6d48d0c7910348eff5c1355451bcf7e497acb30904a81ce51619e5f735169ac505bad66cb705f987a197b86c99724a"
}
