1、Technical Analysis and Mitigations 1.1 Root Cause The root cause of the security flaw was the exploitation of the leaked AES IV value which is used to encrypt the u/p/g parameters in the encrypted transmission. [...] Secondly, strengthening the initialization vector to address the security flaw in the iOS client by replacing the timestamp used to generate IV with a random number, which complies with the behavior of the Android version. [...] Additionally, due to the polyphonic nature of Chinese characters, users need to input pinyin strings and rely on the computing power of the cloud to return correct candidate characters for fast and accurate typing. [...] In the Android version of Sogou Pinyin Method, the transmission of typed text, as shown in Figure 3, is necessary when using the built-in search engine services indicated by the magnifying glass icon. [...] During this process, the text in the input box is included in the sent HTTP requests and the server returns the results after retrieval.
Authors
- Pages
- 5
- Published in
- Canada
