Jump to content

Search the Community

Showing results for tags 'keylogging'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL


LinkedIn Profile URL


About Me


Cloud Platforms


Cloud Experience


Development Experience


Current Role


Skills


Certifications


Favourite Tools


Interests

Found 1 result

  1. Almost a billion mobile users, holding various devices, could have had their communications revealed to malicious third parties, a report from cybersecurity researchers Citizen Lab claims. It says different device manufacturers have used different keyboard apps which were relaying unencrypted communications, transmitting keystrokes via plaintext, and similar. Tencent QQ Pinyin, Baidu IME, iFlytek IME, Samsung Keyboard on Android, Xiaomi (with keyboard apps from Baidu, iFlytek, and Sogou), OPPO, Vivo, Honor, all of these allowed potential threat actors to decrypt Chinese mobile users' keystrokes, completely passively, and without the users needing to send any extra network traffic. The team says it believes the keyboard apps found on these devices were “revealing the contents of users’ keystrokes in transit”. Keeping private talk private The only manufacturer whose keyboard app was secure is Huawei, the researchers said. As for Apple and Google, neither app has a feature to transmit keystrokes to cloud servers for cloud-based communications, it was said, which made it impossible to analyze the keyboards for the security of the feature. “However, we observed that none of the mobile devices that we analyzed included Google’s keyboard, Gboard, preinstalled, either,” the researchers claim. The researchers disclosed their findings to the manufacturers and say that as of April 1, almost all have addressed their issues. Only Honor and Tencent (QQ Pinyin) still remain a work in progress. To defend from potential eavesdroppers, users should keep their apps and mobile operating systems updated, and use a keyboard that fully works on the device. Developers, on the other hand, are advised to use well-tested and standard encryption protocols, instead of building their own, potentially vulnerable versions, The Hacker News reports. "Given the scope of these vulnerabilities, the sensitivity of what users type on their devices, the ease with which these vulnerabilities may have been discovered, and that the Five Eyes have previously exploited similar vulnerabilities in Chinese apps for surveillance, it is possible that such users' keystrokes may have also been under mass surveillance," the researchers concluded. More from TechRadar Pro Discover if your data have been leaked with Proton Mail's new toolHere's a list of the best firewalls around todayThese are the best endpoint security tools right now View the full article
  • Forum Statistics

    67.7k
    Total Topics
    65.6k
    Total Posts
×
×
  • Create New...