Cishe zonke izinhlelo zokusebenza zekhibhodi ezivumela abasebenzisi ukuthi bafake izinhlamvu zesi-Chinese ku-Android yabo, i-iOS, noma amanye amadivayisi eselula asengozini yokuhlaselwa okuvumela isitha ukuthi sithwebule wonke ama-keystrokes abo.
Lokhu kuhlanganisa idatha efana nemininingwane yokungena, ulwazi lwezezimali, nemilayezo ebingabethelwa ngasemaphethelweni, ucwaningo olusha olwenziwa yiCitizen Lab yase-Toronto University's Citizen.
Inkinga Yonke indawo
Okwe cwaningo, abacwaningi kulebhu bacabangele izinhlelo zokusebenza ze-Pinyin ezisekelwe emafini (ezihumusha izinhlamvu zesiShayina emagameni apelwe ngezinhlamvu zesiroman) ezivela kubathengisi abayisishiyagalolunye abadayisela abasebenzisi base-China: i-Baidu, i-Samsung, i-Huawei, i-Tencent, i-Xiaomi, i-Vivo, i-OPPO, i-iFlytek, ne-Honor . Uphenyo lwabo lubonise konke ngaphandle kohlelo lokusebenza oluvela ku-Huawei ukuthi ludlulisela idatha ye-keystroke efwini ngendlela eyenza i-eavesdropper ikwazi ukufunda okuqukethwe ngombhalo ocacile futhi nobunzima obuncane. Abacwaningi beCitizen Lab, asebezitholele udumo eminyakeni edlule ngokudalula ubunhloli be-inthanethi abaningi, ukugadwa, nezinye izinsongo okuqondiswe kubasebenzisi beselula kanye nezinhlangano zomphakathi, uthe ngamunye wabo uqukethe okungenani ubungozi obukodwa obusebenzisekayo endleleni abasingatha ngayo ukuthunyelwa kokhiye babasebenzisi ukuya emafini.
Ububanzi bobungozi akufanele buthathwe kancane, abacwaningi beCitizen Lab uJeffrey Knockel, Mona Wang kanye no-Zoe Reichert babhale embikweni ofinyeza abakutholile kuleli sonto: Abacwaningi abavela kuCitizen Lab bathole ukuthi u-76% wabasebenzisi bohlelo lokusebenza lekhibhodi e-Mainland China, empeleni, sebenzisa ikhibhodi ye-Pinyin ukufaka izinhlamvu zesi-Chinese.
"Bonke ukukhubazeka esikuhlanganise kulo mbiko kungaxhashazwa ngaphandle kokuthumela noma iyiphi i-traffic yenethiwekhi eyengeziwe," kusho abacwaningi. Futhi ukuqalisa, ubungozi bekulula ukutholakala futhi abudingi ubuciko bezobuchwepheshe ukuze busetshenziswe, baphawula. "Ngakho-ke, singase sizibuze, ingabe lobu buthakathaka busebenza ngokuxhashazwa kwabantu abaningi?"
Uhlelo lokusebenza ngalunye lwekhibhodi ye-Pinyin olusengozini oluhlolwe yiCitizen Lab lunakho kokubili okusendaweni, okukudivayisi kanye nesevisi yokuqagela esekelwe emafini yokuphatha iyunithi yezinhlamvu ezinde zamagama kanye nezinhlamvu eziyinkimbinkimbi. Kuzinhlelo zokusebenza eziyisishiyagalolunye abazibhekile, ezintathu bezivela kubathuthukisi bezinhlelo zeselula - i-Tencent, i-Baidu, ne-iFlytek. Ezinhlanu ezisele bekuyizinhlelo zokusebenza i-Samsung, i-Xiaomi, i-OPPO, i-Vivo, ne-Honor - bonke abakhiqizi bemishini yeselula - ababezenzele bona ngokwabo noma ababezihlanganise kumadivayisi abo bevela kunjiniyela wenkampani yangaphandle.
Isebenziseka nge-Active & Passive Methods
Izindlela zokuxhaphaza ziyehluka kuhlelo lokusebenza ngalunye. Uhlelo lokusebenza lwe-Tencent's QQ Pinyin lwe-Android ne-Windows ngokwesibonelo lube sengozini evumele abacwaningi ukuthi bakhe ithuba elisebenzayo lokususa ukubethela kokhiye ngokusebenzisa izindlela ezisebenzayo zokulalela. I-IME ka-Baidu ye-Windows iqukethe ukuba sengozini okufanayo, lapho i-Citizen Lab idale ithuba elisebenzayo lokususa ukubethela kwedatha ye-keystroke ngazo zombili izindlela ezisebenzayo nezingenzi lutho zokulalela.
Abacwaningi bathole obunye ubuthaka obuhlobene obubethelwe bobumfihlo nokuvikeleka kuzinguqulo ze-iOS ne-Android ze-Baidu kodwa abazange bathuthukise amakhono abo. Uhlelo lokusebenza le-iFlytek le-Android libe sengozini evumele i-evesdropper ethule ukuthi iphinde ibuyele ekudluliselweni kwekhibhodi yemibhalo engenalutho ngenxa yokungenele. ukubethela kweselula.
Ngasohlangothini lomthengisi wezingxenyekazi zekhompuyutha, uhlelo lokusebenza lwekhibhodi lwasekhaya lwe-Samsung alunikezanga nhlobo ukubethela futhi esikhundleni salokho lwathumela ukuthunyelwa kwezinkinobho kucacile. AbakwaSamsung baphinde banikeze abasebenzisi inketho yokusebenzisa uhlelo lokusebenza lwe-Tencent's Sogou noma uhlelo lokusebenza olusuka ku-Baidu kumadivayisi abo. Kulezi zinhlelo zokusebenza ezimbili, iCitizen Lab ikhombe uhlelo lokusebenza lwekhibhodi ye-Baidu njengesengcupheni yokuhlaselwa.
Abacwaningi abakwazanga ukuhlonza noma iyiphi inkinga ngohlelo lokusebenza lwekhibhodi ye-Pinyin ethuthukiswe ngaphakathi ye-Vivo kodwa babe nokusebenzisana okuba sengozini abakuthola kuhlelo lokusebenza lwe-Tencent olutholakala futhi kumadivayisi e-Vivo.
Izinhlelo zokusebenza zezinkampani zangaphandle ze-Pinyin (kusuka ku-Baidu, Tencent, ne-iFlytek) ezitholakala ngamadivayisi asuka kwabanye abenzi bedivayisi yeselula zonke zibe sengozini futhi.
Lezi akuzona izindaba ezingavamile, kuvela. Ngonyaka odlule, iCitizen Labs yenze uphenyo oluhlukile e-Tencent's Sogou - esetshenziswa abantu ababalelwa ezigidini ezingama-450 eChina - futhi yathola ubungozi obudalula izinkinobho zokhiye ekuhlaselweni okulalele.
“Ngokuhlanganisa ubungozi obutholwe kulokhu kanye nombiko wethu wangaphambilini ohlaziya izinhlelo zokusebenza zekhibhodi ye-Sogou, silinganisela ukuthi abasebenzisi abangafika kwesigidigidi bathintwa lobu bungozi,” kusho iCitizen Lab.
Ubuthakathaka kungenzeka vumela ukubhekwa kwabantu abaningi yabasebenzisi bedivayisi yeselula yamaShayina - okuhlanganisa nezinsizakalo zezobunhloli zezimpawu ezibizwa ngokuthi yi-Five Eyes Nations - i-US, UK, Canada, Australia, ne-New Zealand - iCitizen Lab ithe; ubungozi kuzinhlelo zokusebenza zekhibhodi ezitholwe yiCitizen Lab ocwaningweni lwayo olusha zifana kakhulu nokuba sengozini kwesiphequluli se-UC esithuthukiswe e-China lezo izinhlangano zezobunhloli ezivela kulawa mazwe ezizisebenzisele izinjongo zokugada, kuphawulwe umbiko.
- I-SEO Powered Content & PR Distribution. Khuliswa Namuhla.
- I-PlatoData.Network Vertical Generative Ai. Zinike Amandla. Finyelela Lapha.
- I-PlatoAiStream. I-Web3 Intelligence. Ulwazi Lukhulisiwe. Finyelela Lapha.
- I-PlatoESG. Ikhabhoni, I-CleanTech, Amandla, Environment, Ilanga, Ukuphathwa Kwemfucuza. Finyelela Lapha.
- I-PlatoHealth. I-Biotech kanye ne-Clinical Trials Intelligence. Finyelela Lapha.
- Source: https://www.darkreading.com/endpoint-security/most-chinese-keyboard-apps-vulnerable-to-eavesdropping
