The default keyboards in Honor, Oppo, and Xiaomi devices are reportedly vulnerable to attacks, Toronto academic research group Citizen Lab revealed.
The discovery was shared after several cloud-based pinyin keyboard apps were examined. According to the group, eight out of nine vendors involved in its test were found transmitting keystrokes, which translates to potential issues for a billion users. According to the report, the vulnerability could expose users’ sensitive information alongside the content of what they are typing using the keyboards.
The issue was immediately divulged to the vendors, who responded by fixing the vulnerabilities. However, the research team noted that “some keyboard apps remain vulnerable.” In its statement, the group named some of the brands involved, including Honor, OPPO, and Xiaomi.
“Sogou, Baidu, and iFlytek IMEs alone comprise over 95% of the market share for third-party IMEs in China, which are used by around a billion people. In addition to the users of third-party keyboard apps, we found that the default keyboards on devices from three manufacturers (Honor, OPPO, and Xiaomi) were also vulnerable to attacks.
“Devices from Samsung and Vivo also bundled a vulnerable keyboard, but it was not used by default. In 2023, Honor, OPPO, and Xiaomi alone comprised nearly 50% of the smartphone market in China,” the report shared.
With the findings, the group wants to warn users of the keyboard apps. According to the team, QQ pinyin or pre-installed keyboard users should consider switching to new keyboards from trusted sources. The same applies to Baidu IME keyboard users, who also have the option to disable the cloud-based feature of their keyboards in their handhelds. Sogou, Baidu, or iFlytek keyboard users, on the other hand, are advised to update their apps and device systems.
