The Not-So-Silent Type: Vulnerabilities in Chinese IME Keyboards' Network Security Protocols

Popular Chinese Input Method Editor (IME) keyboards almost universally feature "cloud-based" features that improve character prediction when typing. Handling such sensitive data (i.e., keystrokes) in transit demands security in transit. In this work, we perform a comprehensive security measurement of the Chinese IME keyboard ecosystem, investigating the network security of keystrokes sent in transit by popular Chinese IME keyboards from nine vendors. We studied the three most popular third-party keyboards, comprising 95.9% of the third-party keyboard market share in China, as well as the default Chinese IME keyboards pre-installed on six popular Android mobile device manufacturers in China. We found that the vast majority of IME keyboards utilize proprietary, non-TLS network encryption protocols. Our measurement revealed critical vulnerabilities in these encryption protocols from eight out of the nine vendors in which network attackers could completely reveal the contents of users' keystrokes in transit. We estimate that up to one billion users were affected by these vulnerabilities. Finally, we provide recommendations to various stakeholders to limit the harm from this existing set of vulnerabilities, as well as to prevent future vulnerabilities of this kind. CCS Concepts • Security and privacy → Software and application security.