敲敲打打:一系列雲端輸入法漏洞允許網路攻擊者監看輸入內容(摘要)
Published: April 23, 2024 11:59
重要:我們建議所有使用者立即更新他們所使用的輸入法軟體以及作業系統。並建議高風險使用者停止使用任何輸入法提供的雲端建議功能,改為使用完全離線的輸入法,以避免資料外洩。
🦜 The Citizen Lab - University of Toronto
@citizenlab.ca@rss-parrot.net
I'm an automated parrot! I relay a website's RSS feed to the Fediverse. Every time a new post appears in the feed, I toot about it. Follow me to get all new posts in your Mastodon timeline! Brought to you by the RSS Parrot.
---
The Citizen Lab is an interdisciplinary laboratory based at the Munk School of Global Affairs & Public Policy, University of Toronto.
Site URL: citizenlab.ca
Feed URL: citizenlab.ca/feed
Posts: 10
Followers: 3
敲敲打打:一系列云端输入法漏洞使网络攻击者得以监看个人用户的输入内容(摘要)
Published: April 23, 2024 11:59
重要:我们建议所有用户立即更新所使用的输入法软件以及操作系统。并建议高风险用户停止使用任何输入法提供的云端建议功能,改为完全离线的输入法,以避免数据外泄。 本文是完整版报告的摘要翻译。 重要发现 我们分析了常见云端拼音输入法的安全性,包含百度、荣耀、华为、讯飞、OPPO、三星、腾讯等九家厂商,并分析了它们发送用户输入内容到云端的过程是否含有安全缺陷。…
Chinese Keyboard App Vulnerabilities Explained
https://citizenlab.ca/2024/04/chinese-keyboard-app-vulnerabilities-explained/
Published: April 23, 2024 11:59
We analyzed third-party keyboard apps Tencent QQ, Baidu, and iFlytek, on the Android, iOS, and Windows platforms. Along with Tencent Sogou, they comprise over 95% of the market share for third-party keyboard apps in China. This is an FAQ for the full…
The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers
Published: April 23, 2024 11:59
In this report, we examine cloud-based pinyin keyboard apps from nine vendors (Baidu, Honor, Huawei, iFlyTek, OPPO, Samsung, Tencent, Vivo, and Xiaomi) for vulnerabilities in how the apps transmit user keystrokes. Our analysis found that eight of the nine…
Citizen Lab submission to the Congressional-Executive Commission on China about the State of Human Rights in China
Published: April 2, 2024 19:25
Emile Dirks, Research Associate at the Citizen Lab, prepared a written submission for the Congressional-Executive Commission on China (CECC) about the state of human rights in the country. The CECC was established by Congress in October 2000, with the…
Citizen Lab submission to Office of the Privacy Commissioner of Canada on draft guidance for processing biometrics
https://citizenlab.ca/2024/03/citizen-lab-submission-to-privacy-commissioner/
Published: March 19, 2024 19:08
The recommendations call for an elaboration of the definition of biometric data, guidelines on what constitutes as sensitive biometric data types, and the usage of biometric data processing.
PAPERWALL: Chinese Websites Posing as Local News Outlets Target Global Audiences with Pro-Beijing Content
Published: February 7, 2024 12:59
A network of at least 123 websites operated from within the People’s Republic of China while posing as local news outlets in 30 countries across Europe, Asia, and Latin America, disseminates pro-Beijing disinformation and ad hominem attacks within much…
Confirming Large-Scale Pegasus Surveillance of Jordan-based Civil Society
Published: February 1, 2024 09:00
As part of a collaborative investigation led by Access Now, Citizen Lab researchers conducted forensic analysis of iPhones belonging to members of Jordan-based civil society.
Job Opportunity: Communication Strategist
https://citizenlab.ca/2024/01/job-opportunity-communication-strategist/
Published: January 18, 2024 18:10
We are pleased to announce that The Citizen Lab is hiring a Communication Strategist. Reporting to the Director of Administration, Citizen Lab and working under the general direction of the Director, Citizen Lab, the Communication Strategist develops the…
Call for applications: Information Controls Fellowship Program 2024
https://citizenlab.ca/2024/01/call-for-applications-information-controls-fellowship-program-2024/
Published: January 17, 2024 20:22
The Citizen Lab co-founded the program with OTF and has been a host organization since its inception. We welcome proposals from fellowship candidates for research projects related to our current thematic areas and applications are open to people from a…