The not-so-silent type: Breaking network crypto in almost every popular Chinese keyboard app

Presented at DEF CON 32 (2024), Aug. 11, 2024, 10 a.m. (45 minutes).

People who don’t type Chinese might be surprised to learn that popular Chinese Input Method Editor (IME) keyboards can act as keyloggers; they transmit your keystrokes over the Internet to enable “cloud-based” support features to improve character prediction when typing. *Everyone* might be surprised to learn that these keyloggers, which were already collecting everything you type into your device, were doing it *insecurely*. In this talk, we will describe how we systematically exploited every single popular Chinese IME keyboard vendor’s home-rolled network encryption protocol. Namely, we show how any network eavesdropper can read the keystrokes of what users of these vendors’ keyboards are typing. The affected keyboards include the three most popular Chinese IME keyboards, Sogou IME, Baidu IME, and iFlytek IME, collectively used by almost 800 million users, as well as default and pre-installed keyboards on basically every popular Android mobile device except for Huawei’s. We also discuss how we got here, re-affirm the age-old adage, “Don’t roll your own crypto!”, and call on hackers around the world to help us move towards HTTPS everywhere in understudied app ecosystems. [link](https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/) [link](https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/)

Presenters:

  • Mona Wang - PhD candidate in Computer Science at Princeton University
    Mona Wang is a PhD candidate in Computer Science at Princeton University specializing in network security and privacy. As an Open Technology Fellow at the Citizen Lab, she studied various proprietary encryption protocols used by popular Chinese mobile applications.
  • Jeffrey Knockel - Senior Research Associate at Citizen Lab
    Jeffrey Knockel is a Senior Research Associate at the Citizen Lab. In his research, he seeks to bring transparency to censorship, surveillance, and other harmful software behavior.
