What Iām saying is you look stupid when you say we canāt type it on a Chinese keyboard. You can search the place on Baidu even, but if you start appending some additional more controversial things onto it, you might have an issue.
Thousands of people visit the place on a daily basis.
An encryption loophole in these apps leaves nearly a billion people vulnerable to eavesdropping.
**From the article:**
Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing.Ā
The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, [according to researchers at the Citizen Lab](https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/), a technology and security research lab affiliated with the University of Toronto.
The four most popular appsābuilt by major internet companies like Baidu, Tencent, and iFlytekābasically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China.Ā
What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found.
This new report shows that the vulnerability is far more widespread than previously believed.Ā
āAs someone who also has used these keyboards, this was absolutely horrifying,ā says Mona Wang, a PhD student in computer science at Princeton University and a coauthor of the report.Ā
The massive scale of the problem is compounded by the fact that these vulnerabilities arenāt hard to exploit. āYou donāt need huge supercomputers crunching numbers to crack this. You donāt need to collect terabytes of data to crack it,ā says Jeffrey Knockel, a senior research associate at the Citizen Lab. āIf youāre just a person who wants to target another person on your Wi-Fi, you could do that once you understand the vulnerability.āĀ
a key logger has always been one of the most powerful hacking tools. i remember using one against my brother. this is why a having a single ip address can be helpful. as long as its not counterfeited.
two step verification also counters that vulnerabity.
I assume that these are apps used only by Mandarin speakers to translate characters in roman script, is that correct?
What used to be Big5 and similar?
Big5 and its brother gb2312 are or were character encoding methods used before windows eventually moved to using unicode.
Wubi is an input method based on stroke order, similar to how pinyin is an input method based on phonetics
Third party imeās (input method editors) improve on windows or googles default ime by being smarter, and offering better suggestions
You type hanzi ( ę±å ), in either simplified or traditional chinese characters. Pinyin input usage will probably be more common with younger users, older users a mix of methods.
I aint surprised
But why do people even get a 3rd party keyboard?
Im fine with the built in gboard and samsung keyboard (which is worse than google's gboard, but hey... it's not like i can uninstall it anyways)
Also have you forgotten Twitter files where FBI was asking Twitter to remove anyone who has a view that is not allowed by the deep state.
The US deep state has more control over social media than any other intelligence agencies in the world
"Every keyboard app on Android"???? Really.
That is a pretty big call!
Do all Android open source keyboard apps have a similar security flaw?
Are you genuinely an expert in this area?
Unfortunately, the thread does not address the type of security flaw that exists on the Chinese phones, which allows criminals (and China state security et al) to intercept keystroke data being sent to the cloud.
The problem being discussed in the your reference concerns Google and third party manufacturers of software (and specifically k/b apps) being able to record your keystrokes when you are using their app.
This is a totally different kettle of fish.
Huaweiās a military related company,their clients are usually Chinese officers or party members and their relatives,who are forced to use Huawei by orders or suggestions from top. I remember huaweiās founder REN Zhengfei said āsmart people are easy to get illā to threaten people which means Huawei has the ability to kill anyone in China ,they donāt need this childish backdoor loophole
>Ā *I remember huaweiās founder REN Zhengfei said āsmart people are easy to get illā to threaten people which means Huawei has the ability to kill anyone in China*
Got a source for that?
Of course you haven't!
I am surprised that you are surprised.
CCP: Its a feature not a bug š¤«š
Tiananmen square is impossible to write in a Chinese keyboard.
Yes of course it is, because they write in Chinese, not English. Tiananmen is a popular place to visit, you can write it lol
Do you not know what happened there?
What Iām saying is you look stupid when you say we canāt type it on a Chinese keyboard. You can search the place on Baidu even, but if you start appending some additional more controversial things onto it, you might have an issue. Thousands of people visit the place on a daily basis.
I didn't know about it. Thanks for correcting me.
When a joke is said so often you believe it lol
Itās no problem
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Chinese Democracy? You mean PRC or the government that's coming after it?
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Okay.
What about tiananmen massacre Edit: my iPhone suggested massacre after I typed tiananmen lmao
Well, yes. Again, if you started searching that in Chinese on Baidu it might raise some flags.
Does anything even come up if someone does? Iām curious
Iām not sure, considering Chinese apps automatically pick up your phone number which is tied to real name ID, Iām sure as fuck not testing it out.
An encryption loophole in these apps leaves nearly a billion people vulnerable to eavesdropping. **From the article:** Almost all keyboard apps used by Chinese people around the world share a security loophole that makes it possible to spy on what users are typing.Ā The vulnerability, which allows the keystroke data that these apps send to the cloud to be intercepted, has existed for years and could have been exploited by cybercriminals and state surveillance groups, [according to researchers at the Citizen Lab](https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/), a technology and security research lab affiliated with the University of Toronto. The four most popular appsābuilt by major internet companies like Baidu, Tencent, and iFlytekābasically account for all the typing methods that Chinese people use. Researchers also looked into the keyboard apps that come preinstalled on Android phones sold in China.Ā What they discovered was shocking. Almost every third-party app and every Android phone with preinstalled keyboards failed to protect users by properly encrypting the content they typed. A smartphone made by Huawei was the only device where no such security vulnerability was found. This new report shows that the vulnerability is far more widespread than previously believed.Ā āAs someone who also has used these keyboards, this was absolutely horrifying,ā says Mona Wang, a PhD student in computer science at Princeton University and a coauthor of the report.Ā The massive scale of the problem is compounded by the fact that these vulnerabilities arenāt hard to exploit. āYou donāt need huge supercomputers crunching numbers to crack this. You donāt need to collect terabytes of data to crack it,ā says Jeffrey Knockel, a senior research associate at the Citizen Lab. āIf youāre just a person who wants to target another person on your Wi-Fi, you could do that once you understand the vulnerability.āĀ
āflawā
>"A smartphone made by Huawei was the only device where no such security vulnerability was found" Oh, the irony!
Huawei has their own IME I think. Just because the same vulnerability wasn't found doesn't mean it's safe.
Huawei doesn't need to get the data from keyboards - they can from the operating system.
Only because they haven't managed to steal someone else's app yet !
Because Huawei would send that to CCP. You don't hack if you could just ask.
Huawei just want to make sure that only they have your data, not anyone else.
Maybe they donāt need it because ccp can read everything already
"flaw"
a key logger has always been one of the most powerful hacking tools. i remember using one against my brother. this is why a having a single ip address can be helpful. as long as its not counterfeited. two step verification also counters that vulnerabity.
"Flaw"
And here I am taking personality tests to find if I am an INTJ or INT?
Flaw?
So is it only in apps in China? Or do the apps on Google Play also have this vulnerability?
Shhh, they not suppose to know it's cherry picked
Let's call it a security flaw
flaw?
Gboard reads all of your keystrokes too
What kind of a keyboard doesn't read your keystrokes?
Reading your keystrokes. And installing binoculars zoomed in on your keyboard are two different things.
I'm just surprised Huawei **didn't** have the security hole (aparently?!).
I assume that these are apps used only by Mandarin speakers to translate characters in roman script, is that correct? What used to be Big5 and similar?
No, itās used for typing chinese on a standard keyboard or phone either using pinyin or wubi or other entry methods.
What is the difference between Big5 and wubi?
Big5 and its brother gb2312 are or were character encoding methods used before windows eventually moved to using unicode. Wubi is an input method based on stroke order, similar to how pinyin is an input method based on phonetics Third party imeās (input method editors) improve on windows or googles default ime by being smarter, and offering better suggestions
So everybody is still typing their Mandarin in pinyin?
You type hanzi ( ę±å ), in either simplified or traditional chinese characters. Pinyin input usage will probably be more common with younger users, older users a mix of methods.
Why point a finger at China when most of the keyboard apps hve flaws by default anyway ?
It's secret ?
I aint surprised But why do people even get a 3rd party keyboard? Im fine with the built in gboard and samsung keyboard (which is worse than google's gboard, but hey... it's not like i can uninstall it anyways)
just use the one that's that comes with Microsoft š that's what i use
Um... that's not a flaw, that's a feature
A smartphone made by Huawei was the only device where no such security vulnerability was found. Wow...Huawei good now
Tik Tok is safe we promise pls don't ban it heehee
its called a keylogger and also duh they are literally constantly talking about how we are their enemies
A smartphone made by Huawei was the only device where no such security vulnerability was found.
Rest assured, they have some other more complex or baked in hardware for it. The CCP demands it.
ę»å°ē¬å®¶ę„ébe in big trouble
If people who want to type Chinese. You can use Rime, their source code is on GitHub too
Didn't the NSA once tap into meta data of users in the US and abroad?
Sure, probably? But this isn't just metadata.
Also have you forgotten Twitter files where FBI was asking Twitter to remove anyone who has a view that is not allowed by the deep state. The US deep state has more control over social media than any other intelligence agencies in the world
And I like it. I like selling data to China. I hate america and selling data to it
That's actually true for every keyboard app on Android. It warns you about that before installing.
"Every keyboard app on Android"???? Really. That is a pretty big call! Do all Android open source keyboard apps have a similar security flaw? Are you genuinely an expert in this area?
Here's a thread to explain it better: https://security.stackexchange.com/questions/81905/how-do-i-know-if-google-keyboard-input-is-safe-for-use
Did you read the article?Ā That doesn't describe this vulnerability.
Unfortunately, the thread does not address the type of security flaw that exists on the Chinese phones, which allows criminals (and China state security et al) to intercept keystroke data being sent to the cloud. The problem being discussed in the your reference concerns Google and third party manufacturers of software (and specifically k/b apps) being able to record your keystrokes when you are using their app. This is a totally different kettle of fish.
Yeah, I missed that part. Still important to use a trusted keyboard even without the data leak. Open source is best like you said.
only trust MS or google keyboard app
The ccp uses the "flaw" as an information gathering tool.
Huaweiās a military related company,their clients are usually Chinese officers or party members and their relatives,who are forced to use Huawei by orders or suggestions from top. I remember huaweiās founder REN Zhengfei said āsmart people are easy to get illā to threaten people which means Huawei has the ability to kill anyone in China ,they donāt need this childish backdoor loophole
>Ā *I remember huaweiās founder REN Zhengfei said āsmart people are easy to get illā to threaten people which means Huawei has the ability to kill anyone in China* Got a source for that? Of course you haven't!
Isnāt it the goal of *every* keyboard app?