Network transmissions of Sogou Input Method, a widely used product of a Chinese technology company serving over 455 million users monthly, were exposed to a “network eavesdropper” who could capture keystrokes in real time, a recent report by Citizen Lab revealed. Researchers identified “troubling vulnerabilities” in Sogou’s encryption system, potentially enabling the Chinese government to access user communications.
As keystrokes are transmitted to government-operated servers, the report advised caution when sharing sensitive data. The app is also available to users beyond China, and the vulnerabilities prompted concerns about data privacy and security. Sogou developers have addressed the vulnerabilities, but the app still relies on server transmission, so users must still trust the security of those servers.
Sogou Input Method, known for facilitating the typing of Chinese characters on devices, is a vital tool for its users, as Chinese is less straightforward to type than Latin script. Roughly 70% of Chinese input method users rely on Sogou.
While the vulnerabilities have been resolved, the report noted that user data, even post-resolution, remains accessible to Sogou’s operators and to anyone with whom they may share data. The report also highlighted the importance of Chinese software developers using established encryption protocols like TLS to ensure robust security. The report revealed that U.S.-based, Taiwan-based, and Japan-based users constitute a notable portion of Sogou’s user base.