Millions of users of Chinese keyboard applications on smartphones could be at risk of having their personal information exposed due to serious encryption vulnerabilities. Recently, researchers discovered serious encryption vulnerabilities in cloud-based input software pinyin from eight companies.
While there is no evidence that the vulnerabilities are being exploited, several previous incidents make this a potentially serious problem. These vulnerabilities in affected apps, including Baidu Pinyin, Tencent QQ Pinyin, iFlytek IME, Samsung Keyboard, Xiaomi (using keyboards from Baidu, iFlytek, and Sogou), OPPO, Vivo, and Honor, could allow hackers to spy on everything users type, including passwords, messages, and financial information.
However, iOS and Huawei apps are considered safe from this vulnerability. Attackers can easily exploit these vulnerabilities to steal user data and use stolen information to commit fraud, identity theft, and other cyber attacks. In 2018, researchers discovered several popular keyboard apps were collecting user data without their consent, which was then sold to data brokers and used for advertising purposes.
To protect yourself from security vulnerabilities in virtual keyboard applications, immediately update your keyboard app to the latest version. Use strong and unique passwords for each account, be careful when visiting untrustworthy websites and links, and turn off data sharing in your keyboard app settings.