The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers - The Citizen Lab

lemmyreader ( @lemmyreader@lemmy.ml ) · 2 years ago

The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers - The Citizen Lab

moon ( @moon@lemmy.ml ) · 2 years ago

A billion vulnerable users is wild. I’m sure there are government entities taking advantage of this already

m-p{3} ( @mp3@lemmy.ca ) · 2 years ago

Oh yes, one example is Naomi Wu.

StellarExtract ( @StellarExtract@lemm.ee ) · 2 years ago

Damn, I didn’t know what had happened to her. I really liked her content.

delirious_owl ( @delirious_owl@discuss.online ) · 2 years ago

Yeah and didn’t she work with Citizen Lab in the past about this? I’m wondering what’s new here.

Aatube ( @Aatube@kbin.melroy.org ) · 2 years ago

What’s new is that apparently “We reported these vulnerabilities to all nine vendors. Most vendors responded, took the issue seriously, and fixed the reported vulnerabilities, although some keyboard apps remain vulnerable.”

delirious_owl ( @delirious_owl@discuss.online ) · 2 years ago

This report is not about how operators of cloud-based IMEs read users’ keystrokes, which is a phenomenon that has already been extensively studied and documented. This report is primarily concerned with the issue of protecting this sensitive data from network eavesdroppers.

So basically, even after these vulns are fixed, the attacker can just NSL the cloud providers and, boom, surveillance slurping continues.