A Chinese language input app has been found vulnerable to serious security flaws that could allow a malicious intruder to decipher the text typed by users.
The findings from the University of Toronto’s Citizen Lab come from an analysis of the encryption mechanism used in Tencent’s Sogou Input Method, an app that has over 455 million monthly active users across Windows, Android, and iOS.The vulnerabilities are rooted in EncryptWall, the service’s custom encryption system, allowing network eavesdroppers to extract the textual content and access sensitive data.
According to the lab, While no cryptographic protocol is perfect, TLS implementations had already ameliorated vulnerability to CBC padding oracle attacks in 2003.
Entrusting text with this kind of insecure code allows one to decrypt a message without ever knowing the encryption key.
๐ Feeling the vibes?
Keep the good energy going by checking out my Amazon affiliate link for some cool finds! ๐๏ธ
If not, consider contributing to my caffeine supply at Buy Me a Coffee โ๏ธ.
Your clicks = cosmic support for more awesome content! ๐๐
Leave a Reply