Shenfish: Cloud input method with up to one billion users may have leaked input content, please take immediate action to reduce risks
ChainCatcher message, Shenfish stated on social media that cloud input methods with up to one billion users may have leaked input content. If users have entered mnemonic phrases or other sensitive information through any of the following cloud input methods, please take immediate action to reduce risks.This includes nine manufacturers: Baidu, Honor, Huawei, iFlytek, OPPO, Samsung, Tencent, and analyzes whether their process of sending user input content to the cloud contains security flaws.The analysis results indicate that among the nine manufacturers, eight input method software contain serious vulnerabilities, allowing us to fully crack the encryption methods designed by manufacturers to protect user input content. Some manufacturers also did not use any encryption methods to protect user input content.Based on this study and the vulnerabilities found in our previous research on Sogou Input Method, we estimate that up to one billion users are affected by these vulnerabilities.