In this report, we analyze the Windows, Android, and iOS versions of Tencent’s Sogou Input Method, the most popular Chinese-language input method in China. Our analysis found serious vulnerabilities in the app’s custom encryption system and how it encrypts sensitive data. These vulnerabilities could allow a network eavesdropper to decrypt sensitive communications sent by the app, including revealing all keystrokes being typed by the user. Following our disclosure of these vulnerabilities, Sogou released updated versions of the app that identified all of the issues we disclosed.
Vulnerabilities in Sogou Keyboard encryption expose keypresses to network eavesdropping.
I’m going to guess you’re one of the people who defends tiktok and compares it to every other social media app by saying the US government is basically the same as the Chinese government
It seems to be a very common fallacy in geopolitics to believe that a rival of the US must automatically be morally better. You see plenty of “left wing” imperialism defenses that blame Ukraine for the invasion and insist they should give up and do whatever Russia wants them to do.
It’s apparently disappointingly complex for some people to believe that X can oppose Y and both of them can be horrible bastards. They can’t take criticism of China or Russia because they automatically see an implicit “America better” that’s not really there.
It seems people can’t understand this. Am not American so i have an outside view that’s free from any patriotic feeling and the spoon fed propaganda since childhood.
Not op, I know for sure that China’s been trying to grab as much intelligence as possible going as far as installing sniffing type software in network controllers and servers, and grabbing keystrokes from a keyboard is absolutely despicable and something they would do to grab more intelligence.
The thing I have trouble figuring out is why in the hell people would care about TikTok. What signal intelligence is coming from my wife swiping through 14,000 cat and home organization videos.
Location is turned off The app is sandboxed It’s not allowed to access the camera or the speaker without giving some minor notification that they’re on and people would notice.
I totally get the China will do bad if they can but I fail to see the ultimate danger of TikTok.
The type and scale of the data that TikTok collects is different than other Chinese apps.
There will be replies that talk about advanced ML and predictive algorithms. There will be replies that talk about potential hacks the app can use to bypass iOS or Android policy. That’s a threat, sure, but we don’t even need to go there. We can just focus on the basic data that companies like Google, Meta and TikTok explicitly tell us that they collect in their privacy policy.
Every time you open TikTok, you should assume that the Chinese government knows exactly where you are at that moment, because the app gives them access to your location through GPS. If you use the app frequently, they not only have time and location data, but they know your travel patterns too!
They know who you interact with and who those people interact with. They know what kinds of content you like and what you dislike. They can use this information to intentionally feed you with disinformation in ways that make you more likely to believe it.
The misinformation feed attack risk is not unique to TikTok. Others have already been misused in this exact way. The important difference is that when information is housed by companies like Meta and Google which are incorporated in the US, its use and storage is subject to US regulation. We can simply disallow use and storage of data and practices that we don’t approve of.
If you’ve done something illegal or embarrassing on TikTok, it could be used to compromise you for a foreign nation’s interest. If you are a 20 year old wild child, they won’t have any interest in doing anything with that information right now. In a few decades, if TikTok continues its dominance in social media, China will have compromising information on an uncomfortably high number of powerful leaders and politicians. You don’t even have to do something obvliviously stupid like say something racist or admit to a crime in a DM. For example, with just location data they can know if a politician cheated on their spouse and with whom! Imagine a politician publicly saying that they did not meet with some business leader or politician about some scandalous thing. Well, in a world where everyone has TikTok, the Chinese government knows if that’s a lie or not. In theory Verizon/Meta/Apple wouldn’t know that since that data is purported to be anonymized. Even if they did have that information, it’s hard to imagine any US tech company using it for their own interest. A US company would likely not survive that kind of act - it would be corporate suicide. On the other hand, it is hard to imagine a foreign adversary NOT engaging in that type of blackmail when given the opportunity.
Now consider companies like Tencent. How can information on League of Legends play sessions can be used to blackmail a politician, manipulate an election or foment widespread social unrest? It might be possible, but it’s not easy to think of how it could be done. With TikTok, it’s blindingly obvious how all of those things could happen.
Most other Chinese apps don’t collect anywhere near as much personal and sensitive information. The ones that do collect the same level of sensitive data, like Tencent’s QQ, aren’t used by enough people where it would be realistic to speculate that this information can be used in a similarly widespread and extremely damaging way. Even then, the US government should seriously think through the damage that could be done with the information QQ collects by assuming the Chinese government has complete access to all collected data and hostile intent. With TikTok, you don’t need to spend more than a few seconds thinking about this to frighten yourself.
I don’t know what you mean by sandboxed but I’m pretty sure it cannot be as private as it seems, even if you’re using a VPN. But regardless, 99.99% of tiktok users are not taking steps to protect their data. hundreds of billions of data points that help an authoritarian government know how people think is nothing to shrug at.
Mobile apps aren’t in the wild west anymore. They don’t get access to the other apps and can’t wander around unlimited on your device without clear permission. If you say no location, they don’t get location. It used to be different, but apple and google are on the same page now and they don’t let apps abuse you without clear permission anymore.
Even pulling your IP and giving them a vague city level location, They’re correlating that with liking 30 second random content videos and music. This isn’t even the level of intelligence you 'd get from FB or Youtube people aren’t searching tictok to see how to use software or edit code or how public infrastructure works. You’re getting organziation, cat videos, kids coming home from the dentist saying crazy things. I just don’t really see it as a big deal.
you say all this and trillions of dollars still ride on their ability, which we very much knows exists, to stitch together billions of datapoints to know things about their users.
What the fuck are you talking about? This has nothing to do with America, the problem here is you’re falsely equating a horrifyingly authoritarian government and basically writing it off as the “sAmE aS gOoGlE”
How many times has the US military ever murdered 900+ protestors in broad daylight then censored it from all media and imprisoned anyone who talks about it decades later?
Educate yourself. Jesus fucking Christ.
For the record I don’t need to read more about the US government corruption, that’s known. The fact that you’re comparing the two is disturbing af
Several in fact. Most famously they bombed Tulsa oklahoma when black people there got too wealthy. But now multiple states are banning the teaching of it, alongside banning the teaching of our genocide of the Native Americans.
We do most of our murder of innocent people these days abroad though which isn’t really much better, but most Americans are apparently completely fine with children being murdered so long as they aren’t white and they aren’t here, or they aren’t in an American school being shot by one of their peers.
if you wanted to make this a whataboutism is bad argument i’d be with you, but you’re still toeing the line of “oh but it’s okay when america does bad stuff, it’s not the same”
Starting with the native American or i don’t count it ?
I don’t know ? Is shooting a bus full of kids and laughing about it saying they’ll grow up to be terrorist anyway isn’t that far off and this is the tip of the iceberg buddy. USA is good at hiding murdering brown people by prefixing the word terrorists.
Ask the dude from Afghanistan that was randomly taken and tortured beyond belief for just being in the place in the wrong time. He was repeatedly raped with a broom and his pelvis shattered from getting kicked repeatedly on the groin area. Oh yeah, he died. How human of them.
The troops advanced into central parts of Beijing on the city’s major thoroughfares in the early morning hours of 4 June and engaged in bloody clashes with demonstrators attempting to block them, in which many people – demonstrators, bystanders, and soldiers – were killed. Estimates of the death toll vary from several hundred to several thousand, with thousands more wounded.[15][16][17][18][19][20]
If.you lived in China you’d likely not know about this, since people who talk about it go to prison. Yeah the US is exactly like this so let’s not talk about Chinese government being awful to their citizens
I’m going to guess you’re one of the people who defends tiktok and compares it to every other social media app by saying the US government is basically the same as the Chinese government
I don’t think this post is a defence of China, its a damning of the invasive governments, which the US also has.
It’s a warning that we are one step away from China, and should do something about it.
No it’s not a “warning,” it’s just boring old whataboutism.
The first part of your comment is like a textbook example of the fallacy.
I’m not so sure. The China apologists are in every thread like this and I don’t think it’s something to dismiss
It seems to be a very common fallacy in geopolitics to believe that a rival of the US must automatically be morally better. You see plenty of “left wing” imperialism defenses that blame Ukraine for the invasion and insist they should give up and do whatever Russia wants them to do.
It’s apparently disappointingly complex for some people to believe that X can oppose Y and both of them can be horrible bastards. They can’t take criticism of China or Russia because they automatically see an implicit “America better” that’s not really there.
yeah, that’s fair. I think that it is more common to like a thing (tiktok) and defend it however you can.
It seems people can’t understand this. Am not American so i have an outside view that’s free from any patriotic feeling and the spoon fed propaganda since childhood.
Not op, I know for sure that China’s been trying to grab as much intelligence as possible going as far as installing sniffing type software in network controllers and servers, and grabbing keystrokes from a keyboard is absolutely despicable and something they would do to grab more intelligence.
The thing I have trouble figuring out is why in the hell people would care about TikTok. What signal intelligence is coming from my wife swiping through 14,000 cat and home organization videos.
Location is turned off The app is sandboxed It’s not allowed to access the camera or the speaker without giving some minor notification that they’re on and people would notice.
I totally get the China will do bad if they can but I fail to see the ultimate danger of TikTok.
From “the olden times” (Reddit link):
I don’t know what you mean by sandboxed but I’m pretty sure it cannot be as private as it seems, even if you’re using a VPN. But regardless, 99.99% of tiktok users are not taking steps to protect their data. hundreds of billions of data points that help an authoritarian government know how people think is nothing to shrug at.
Mobile apps aren’t in the wild west anymore. They don’t get access to the other apps and can’t wander around unlimited on your device without clear permission. If you say no location, they don’t get location. It used to be different, but apple and google are on the same page now and they don’t let apps abuse you without clear permission anymore.
Even pulling your IP and giving them a vague city level location, They’re correlating that with liking 30 second random content videos and music. This isn’t even the level of intelligence you 'd get from FB or Youtube people aren’t searching tictok to see how to use software or edit code or how public infrastructure works. You’re getting organziation, cat videos, kids coming home from the dentist saying crazy things. I just don’t really see it as a big deal.
you say all this and trillions of dollars still ride on their ability, which we very much knows exists, to stitch together billions of datapoints to know things about their users.
I will now answer any questions that boils down to “but we’re the good guys” to “not American”
What the fuck are you talking about? This has nothing to do with America, the problem here is you’re falsely equating a horrifyingly authoritarian government and basically writing it off as the “sAmE aS gOoGlE”
I don’t know. What i read on Wikileaks made me believe they’re not that different you know. Go read it, it will open your mind.
How many times has the US military ever murdered 900+ protestors in broad daylight then censored it from all media and imprisoned anyone who talks about it decades later?
Educate yourself. Jesus fucking Christ.
For the record I don’t need to read more about the US government corruption, that’s known. The fact that you’re comparing the two is disturbing af
Several in fact. Most famously they bombed Tulsa oklahoma when black people there got too wealthy. But now multiple states are banning the teaching of it, alongside banning the teaching of our genocide of the Native Americans.
We do most of our murder of innocent people these days abroad though which isn’t really much better, but most Americans are apparently completely fine with children being murdered so long as they aren’t white and they aren’t here, or they aren’t in an American school being shot by one of their peers.
You’re right let’s talk about America not China. No agenda there at all. Nope.
if you wanted to make this a whataboutism is bad argument i’d be with you, but you’re still toeing the line of “oh but it’s okay when america does bad stuff, it’s not the same”
No I am towing the line of “stop changing the subject and erasing history”
lol literally no one is “erasing history” what
Actually you are if you don’t vehemently oppose comparing the US to China
Starting with the native American or i don’t count it ? I don’t know ? Is shooting a bus full of kids and laughing about it saying they’ll grow up to be terrorist anyway isn’t that far off and this is the tip of the iceberg buddy. USA is good at hiding murdering brown people by prefixing the word terrorists.
And yet you won’t face life in prison for writing that. Yeah you’re right, SAME
Ask the dude from Afghanistan that was randomly taken and tortured beyond belief for just being in the place in the wrong time. He was repeatedly raped with a broom and his pelvis shattered from getting kicked repeatedly on the groin area. Oh yeah, he died. How human of them.
https://en.m.wikipedia.org/wiki/1989_Tiananmen_Square_protests_and_massacre
If.you lived in China you’d likely not know about this, since people who talk about it go to prison. Yeah the US is exactly like this so let’s not talk about Chinese government being awful to their citizens
I’m sure the FBI is hinting you down for talking about it right now. SAME. Tienanmen square didn’t happen history erased. China=USA. Happy?