A recent investigation conducted by cybersecurity experts at Citizen Lab highlights a significant security vulnerability present in various popular keyboard applications designed for smartphones. This flaw exposes the communications of almost a billion users to potential unauthorized access.
Vulnerable Keyboard Apps
The study identifies that keyboard apps developed by well-known companies such as Tencent (QQ Pinyin), Baidu (IME), iFlytek (IME), Samsung (Android Keyboard), Xiaomi (utilizing keyboards from Baidu, iFlytek, and Sogou), OPPO, Vivo, and Honor are all susceptible to this security risk.
The critical issue lies in these keyboards transmitting user keystrokes without encryption, essentially sending user input as plain text. This means that anyone with the ability to intercept this data could potentially intercept and read all the information a user types while in transit.
Data Compromise Risk
The information at risk ranges from ordinary text messages to highly sensitive data like passwords and credit card information. Consequently, the potential scale and impact of the compromised data could be substantial.
The research team noted that Huawei was the sole manufacturer whose keyboard application did not exhibit this vulnerability. They were unable to evaluate the security of Apple and Google's keyboards due to the absence of cloud-based communication functionalities in these applications.
Manufacturer Responses
Most manufacturers have reportedly taken steps to address this issue by April 1st, following notification from the investigating firm. However, Honor and Tencent's QQ Pinyin keyboards are still undergoing updates to rectify the problem.
It is strongly recommended that users promptly update their devices if they have not done so recently. Furthermore, opting for a keyboard app developed by a reputable company, such as Google Keyboard, is advised to enhance security measures.