• @sawa
    link
    396 months ago

    TLDR:

    This study mainly targets Pinyin input, the most popular Chinese input method (hence 1bn potentially affected).

    Vulnerabilities were due to the keyboards’ use of the cloud for dictionaries used in IMEs (essentially a conversion engine). Such IMEs are must-haves for certain languages and converts A-Zs to other scripts. Lack of E2EE resulted in exposed keystrokes.


    Personally I would recommend switching to something which uses a local dictionary. RIME is a good FOSS alternative and can be configured to work on Android via fcitx.

    While the study doesn’t cover English keyboards, this is as good a reminder as any not to use in-built dictionaries in general unless you have to.

    • Possibly linux
      link
      fedilink
      English
      56 months ago

      If you are in China you also have to be very worried about the Chinese government. This is just one out of hundreds of other tools they have to detect disloyalty