敲敲打打：一系列雲端輸入法漏洞允許網路攻擊者監看輸入內容（摘要）

<!doctype html>     <html lang="en-US" prefix="og: https://ogp.me/ns#"> <head> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>敲敲打打：一系列雲端輸入法漏洞允許網路攻擊者監看輸入內容（摘要） - The Citizen Lab</title> <meta name="HandheldFriendly" content="True"> <meta name="MobileOptimized" content="320"> <meta name="viewport" content="width=device-width, initial-scale=1"/> <link rel="apple-touch-icon" sizes="57x57" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/apple-icon-57x57.png"> <link rel="apple-touch-icon" sizes="60x60" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/apple-icon-60x60.png"> <link rel="apple-touch-icon" sizes="72x72" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/apple-icon-72x72.png"> <link rel="apple-touch-icon" sizes="76x76" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/apple-icon-76x76.png"> <link rel="apple-touch-icon" sizes="114x114" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/apple-icon-114x114.png"> <link rel="apple-touch-icon" sizes="120x120" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/apple-icon-120x120.png"> <link rel="apple-touch-icon" sizes="144x144" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/apple-icon-144x144.png"> <link rel="apple-touch-icon" sizes="152x152" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/apple-icon-152x152.png"> <link rel="apple-touch-icon" sizes="180x180" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/apple-icon-180x180.png"> <link rel="icon" type="image/png" sizes="192x192" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/android-icon-192x192.png"> <link rel="icon" type="image/png" sizes="32x32" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/favicon-32x32.png"> <link rel="icon" type="image/png" sizes="96x96" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/favicon-96x96.png"> <link rel="icon" type="image/png" sizes="16x16" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/favicon-16x16.png"> <link rel="manifest" href="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/manifest.json"> <meta name="msapplication-TileColor" content="#ffffff"> <meta name="msapplication-TileImage" content="/ms-icon-144x144.png"> <meta name="theme-color" content="#ffffff">  <link rel="pingback" href="https://citizenlab.ca/xmlrpc.php"> <style>img:is([sizes="auto" i], [sizes^="auto," i]) { contain-intrinsic-size: 3000px 1500px }</style>  <meta name="description" content="重要：我們建議所有使用者立即更新他們所使用的輸入法軟體以及作業系統。並建議高風險使用者停止使用任何輸入法提供的雲端建議功能，改為使用完全離線的輸入法，以避免資料外洩。"/> <meta name="robots" content="follow, index, max-snippet:-1, max-video-preview:-1, max-image-preview:large"/> <link rel="canonical" href="https://citizenlab.ca/2024/04/%e6%95%b2%e6%95%b2%e6%89%93%e6%89%93%e4%b8%80%e7%b3%bb%e5%88%97%e9%9b%b2%e7%ab%af%e8%bc%b8%e5%85%a5%e6%b3%95%e6%bc%8f%e6%b4%9e%e5%85%81%e8%a8%b1%e7%b6%b2%e8%b7%af%e6%94%bb%e6%93%8a%e8%80%85-zh-tw/" /> <meta property="og:locale" content="en_US" /> <meta property="og:type" content="article" /> <meta property="og:title" content="敲敲打打：一系列雲端輸入法漏洞允許網路攻擊者監看輸入內容（摘要） - The Citizen Lab" /> <meta property="og:description" content="重要：我們建議所有使用者立即更新他們所使用的輸入法軟體以及作業系統。並建議高風險使用者停止使用任何輸入法提供的雲端建議功能，改為使用完全離線的輸入法，以避免資料外洩。" /> <meta property="og:url" content="https://citizenlab.ca/2024/04/%e6%95%b2%e6%95%b2%e6%89%93%e6%89%93%e4%b8%80%e7%b3%bb%e5%88%97%e9%9b%b2%e7%ab%af%e8%bc%b8%e5%85%a5%e6%b3%95%e6%bc%8f%e6%b4%9e%e5%85%81%e8%a8%b1%e7%b6%b2%e8%b7%af%e6%94%bb%e6%93%8a%e8%80%85-zh-tw/" /> <meta property="og:site_name" content="The Citizen Lab" /> <meta property="article:section" content="App Privacy and Controls" /> <meta property="og:updated_time" content="2024-05-01T10:34:30-04:00" /> <meta property="og:image" content="https://citizenlab.ca/wp-content/uploads/2024/04/featured-image-1.gif" /> <meta property="og:image:secure_url" content="https://citizenlab.ca/wp-content/uploads/2024/04/featured-image-1.gif" /> <meta property="og:image:width" content="768" /> <meta property="og:image:height" content="432" /> <meta property="og:image:alt" content="敲敲打打：一系列雲端輸入法漏洞允許網路攻擊者監看輸入內容（摘要）" /> <meta property="og:image:type" content="image/gif" /> <meta property="article:published_time" content="2024-04-23T07:59:54-04:00" /> <meta property="article:modified_time" content="2024-05-01T10:34:30-04:00" /> <meta name="twitter:card" content="summary_large_image" /> <meta name="twitter:title" content="敲敲打打：一系列雲端輸入法漏洞允許網路攻擊者監看輸入內容（摘要） - The Citizen Lab" /> <meta name="twitter:description" content="重要：我們建議所有使用者立即更新他們所使用的輸入法軟體以及作業系統。並建議高風險使用者停止使用任何輸入法提供的雲端建議功能，改為使用完全離線的輸入法，以避免資料外洩。" /> <meta name="twitter:site" content="@citizenlab" /> <meta name="twitter:creator" content="@citizenlab" /> <meta name="twitter:image" content="https://citizenlab.ca/wp-content/uploads/2024/04/featured-image-1.gif" /> <meta name="twitter:label1" content="Written by" /> <meta name="twitter:data1" content="Jeffrey Knockel" /> <meta name="twitter:label2" content="Time to read" /> <meta name="twitter:data2" content="2 minutes" /> <script type="application/ld+json" class="rank-math-schema-pro">{"@context":"https://schema.org","@graph":[{"@type":["CollegeOrUniversity","Organization"],"@id":"https://citizenlab.ca/#organization","name":"The Citizen Lab","url":"https://citizenlab.ca","sameAs":["https://twitter.com/citizenlab"],"logo":{"@type":"ImageObject","@id":"https://citizenlab.ca/#logo","url":"https://citizenlab.ca/wp-content/uploads/2019/02/citlablogo.png","contentUrl":"https://citizenlab.ca/wp-content/uploads/2019/02/citlablogo.png","caption":"The Citizen Lab","inLanguage":"en-US","width":"7824","height":"5216"}},{"@type":"WebSite","@id":"https://citizenlab.ca/#website","url":"https://citizenlab.ca","name":"The Citizen Lab","publisher":{"@id":"https://citizenlab.ca/#organization"},"inLanguage":"en-US"},{"@type":"ImageObject","@id":"https://citizenlab.ca/wp-content/uploads/2024/04/featured-image-1.gif","url":"https://citizenlab.ca/wp-content/uploads/2024/04/featured-image-1.gif","width":"768","height":"432","inLanguage":"en-US"},{"@type":"WebPage","@id":"https://citizenlab.ca/2024/04/%e6%95%b2%e6%95%b2%e6%89%93%e6%89%93%e4%b8%80%e7%b3%bb%e5%88%97%e9%9b%b2%e7%ab%af%e8%bc%b8%e5%85%a5%e6%b3%95%e6%bc%8f%e6%b4%9e%e5%85%81%e8%a8%b1%e7%b6%b2%e8%b7%af%e6%94%bb%e6%93%8a%e8%80%85-zh-tw/#webpage","url":"https://citizenlab.ca/2024/04/%e6%95%b2%e6%95%b2%e6%89%93%e6%89%93%e4%b8%80%e7%b3%bb%e5%88%97%e9%9b%b2%e7%ab%af%e8%bc%b8%e5%85%a5%e6%b3%95%e6%bc%8f%e6%b4%9e%e5%85%81%e8%a8%b1%e7%b6%b2%e8%b7%af%e6%94%bb%e6%93%8a%e8%80%85-zh-tw/","name":"\u6572\u6572\u6253\u6253\uff1a\u4e00\u7cfb\u5217\u96f2\u7aef\u8f38\u5165\u6cd5\u6f0f\u6d1e\u5141\u8a31\u7db2\u8def\u653b\u64ca\u8005\u76e3\u770b\u8f38\u5165\u5167\u5bb9\uff08\u6458\u8981\uff09 - The Citizen Lab","datePublished":"2024-04-23T07:59:54-04:00","dateModified":"2024-05-01T10:34:30-04:00","isPartOf":{"@id":"https://citizenlab.ca/#website"},"primaryImageOfPage":{"@id":"https://citizenlab.ca/wp-content/uploads/2024/04/featured-image-1.gif"},"inLanguage":"en-US"},{"@type":"Person","@id":"https://citizenlab.ca/author/jknockel/","name":"Jeffrey Knockel","url":"https://citizenlab.ca/author/jknockel/","image":{"@type":"ImageObject","@id":"https://secure.gravatar.com/avatar/d6720ef83a59d9c6dd374a476200a3ce?s=96&d=mm&r=g","url":"https://secure.gravatar.com/avatar/d6720ef83a59d9c6dd374a476200a3ce?s=96&d=mm&r=g","caption":"Jeffrey Knockel","inLanguage":"en-US"},"worksFor":{"@id":"https://citizenlab.ca/#organization"}},{"@type":"BlogPosting","headline":"\u6572\u6572\u6253\u6253\uff1a\u4e00\u7cfb\u5217\u96f2\u7aef\u8f38\u5165\u6cd5\u6f0f\u6d1e\u5141\u8a31\u7db2\u8def\u653b\u64ca\u8005\u76e3\u770b\u8f38\u5165\u5167\u5bb9\uff08\u6458\u8981\uff09 - The Citizen Lab","datePublished":"2024-04-23T07:59:54-04:00","dateModified":"2024-05-01T10:34:30-04:00","author":{"@id":"https://citizenlab.ca/author/jknockel/","name":"Jeffrey Knockel"},"publisher":{"@id":"https://citizenlab.ca/#organization"},"description":"\u91cd\u8981\uff1a\u6211\u5011\u5efa\u8b70\u6240\u6709\u4f7f\u7528\u8005\u7acb\u5373\u66f4\u65b0\u4ed6\u5011\u6240\u4f7f\u7528\u7684\u8f38\u5165\u6cd5\u8edf\u9ad4\u4ee5\u53ca\u4f5c\u696d\u7cfb\u7d71\u3002\u4e26\u5efa\u8b70\u9ad8\u98a8\u96aa\u4f7f\u7528\u8005\u505c\u6b62\u4f7f\u7528\u4efb\u4f55\u8f38\u5165\u6cd5\u63d0\u4f9b\u7684\u96f2\u7aef\u5efa\u8b70\u529f\u80fd\uff0c\u6539\u70ba\u4f7f\u7528\u5b8c\u5168\u96e2\u7dda\u7684\u8f38\u5165\u6cd5\uff0c\u4ee5\u907f\u514d\u8cc7\u6599\u5916\u6d29\u3002","name":"\u6572\u6572\u6253\u6253\uff1a\u4e00\u7cfb\u5217\u96f2\u7aef\u8f38\u5165\u6cd5\u6f0f\u6d1e\u5141\u8a31\u7db2\u8def\u653b\u64ca\u8005\u76e3\u770b\u8f38\u5165\u5167\u5bb9\uff08\u6458\u8981\uff09 - The Citizen Lab","@id":"https://citizenlab.ca/2024/04/%e6%95%b2%e6%95%b2%e6%89%93%e6%89%93%e4%b8%80%e7%b3%bb%e5%88%97%e9%9b%b2%e7%ab%af%e8%bc%b8%e5%85%a5%e6%b3%95%e6%bc%8f%e6%b4%9e%e5%85%81%e8%a8%b1%e7%b6%b2%e8%b7%af%e6%94%bb%e6%93%8a%e8%80%85-zh-tw/#richSnippet","isPartOf":{"@id":"https://citizenlab.ca/2024/04/%e6%95%b2%e6%95%b2%e6%89%93%e6%89%93%e4%b8%80%e7%b3%bb%e5%88%97%e9%9b%b2%e7%ab%af%e8%bc%b8%e5%85%a5%e6%b3%95%e6%bc%8f%e6%b4%9e%e5%85%81%e8%a8%b1%e7%b6%b2%e8%b7%af%e6%94%bb%e6%93%8a%e8%80%85-zh-tw/#webpage"},"image":{"@id":"https://citizenlab.ca/wp-content/uploads/2024/04/featured-image-1.gif"},"inLanguage":"en-US","mainEntityOfPage":{"@id":"https://citizenlab.ca/2024/04/%e6%95%b2%e6%95%b2%e6%89%93%e6%89%93%e4%b8%80%e7%b3%bb%e5%88%97%e9%9b%b2%e7%ab%af%e8%bc%b8%e5%85%a5%e6%b3%95%e6%bc%8f%e6%b4%9e%e5%85%81%e8%a8%b1%e7%b6%b2%e8%b7%af%e6%94%bb%e6%93%8a%e8%80%85-zh-tw/#webpage"}}]}</script>  <link rel="alternate" type="application/rss+xml" title="The Citizen Lab » Feed" href="https://citizenlab.ca/feed/" /> <link rel="alternate" type="application/rss+xml" title="The Citizen Lab » Comments Feed" href="https://citizenlab.ca/comments/feed/" /> <script type="text/javascript"> /* <![CDATA[ */ window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/15.0.3\/svg\/","svgExt":".svg","source":{"concatemoji":"https:\/\/citizenlab.ca\/wp-includes\/js\/wp-emoji-release.min.js"}}; /*! This file is auto-generated */ !function(i,n){var o,s,e;function c(e){try{var t={supportTests:e,timestamp:(new Date).valueOf()};sessionStorage.setItem(o,JSON.stringify(t))}catch(e){}}function p(e,t,n){e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(t,0,0);var t=new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data),r=(e.clearRect(0,0,e.canvas.width,e.canvas.height),e.fillText(n,0,0),new Uint32Array(e.getImageData(0,0,e.canvas.width,e.canvas.height).data));return t.every(function(e,t){return e===r[t]})}function u(e,t,n){switch(t){case"flag":return n(e,"\ud83c\udff3\ufe0f\u200d\u26a7\ufe0f","\ud83c\udff3\ufe0f\u200b\u26a7\ufe0f")?!1:!n(e,"\ud83c\uddfa\ud83c\uddf3","\ud83c\uddfa\u200b\ud83c\uddf3")&&!n(e,"\ud83c\udff4\udb40\udc67\udb40\udc62\udb40\udc65\udb40\udc6e\udb40\udc67\udb40\udc7f","\ud83c\udff4\u200b\udb40\udc67\u200b\udb40\udc62\u200b\udb40\udc65\u200b\udb40\udc6e\u200b\udb40\udc67\u200b\udb40\udc7f");case"emoji":return!n(e,"\ud83d\udc26\u200d\u2b1b","\ud83d\udc26\u200b\u2b1b")}return!1}function f(e,t,n){var r="undefined"!=typeof WorkerGlobalScope&&self instanceof WorkerGlobalScope?new OffscreenCanvas(300,150):i.createElement("canvas"),a=r.getContext("2d",{willReadFrequently:!0}),o=(a.textBaseline="top",a.font="600 32px Arial",{});return e.forEach(function(e){o[e]=t(a,e,n)}),o}function t(e){var t=i.createElement("script");t.src=e,t.defer=!0,i.head.appendChild(t)}"undefined"!=typeof Promise&&(o="wpEmojiSettingsSupports",s=["flag","emoji"],n.supports={everything:!0,everythingExceptFlag:!0},e=new Promise(function(e){i.addEventListener("DOMContentLoaded",e,{once:!0})}),new Promise(function(t){var n=function(){try{var e=JSON.parse(sessionStorage.getItem(o));if("object"==typeof e&&"number"==typeof e.timestamp&&(new Date).valueOf()<e.timestamp+604800&&"object"==typeof e.supportTests)return e.supportTests}catch(e){}return null}();if(!n){if("undefined"!=typeof Worker&&"undefined"!=typeof OffscreenCanvas&&"undefined"!=typeof URL&&URL.createObjectURL&&"undefined"!=typeof Blob)try{var e="postMessage("+f.toString()+"("+[JSON.stringify(s),u.toString(),p.toString()].join(",")+"));",r=new Blob([e],{type:"text/javascript"}),a=new Worker(URL.createObjectURL(r),{name:"wpTestEmojiSupports"});return void(a.onmessage=function(e){c(n=e.data),a.terminate(),t(n)})}catch(e){}c(n=f(s,u,p))}t(n)}).then(function(e){for(var t in e)n.supports[t]=e[t],n.supports.everything=n.supports.everything&&n.supports[t],"flag"!==t&&(n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&n.supports[t]);n.supports.everythingExceptFlag=n.supports.everythingExceptFlag&&!n.supports.flag,n.DOMReady=!1,n.readyCallback=function(){n.DOMReady=!0}}).then(function(){return e}).then(function(){var e;n.supports.everything||(n.readyCallback(),(e=n.source||{}).concatemoji?t(e.concatemoji):e.wpemoji&&e.twemoji&&(t(e.twemoji),t(e.wpemoji)))}))}((window,document),window._wpemojiSettings); /* ]]> */ </script> <style id='wp-emoji-styles-inline-css' type='text/css'> img.wp-smiley, img.emoji { display: inline !important; border: none !important; box-shadow: none !important; height: 1em !important; width: 1em !important; margin: 0 0.07em !important; vertical-align: -0.1em !important; background: none !important; padding: 0 !important; } </style> <link rel='stylesheet' id='wp-block-library-css' href='https://citizenlab.ca/wp-includes/css/dist/block-library/style.min.css' type='text/css' media='all' /> <style id='co-authors-plus-coauthors-style-inline-css' type='text/css'> .wp-block-co-authors-plus-coauthors.is-layout-flow [class*=wp-block-co-authors-plus]{display:inline} </style> <style id='co-authors-plus-avatar-style-inline-css' type='text/css'> .wp-block-co-authors-plus-avatar :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-avatar :where(img){vertical-align:middle}.wp-block-co-authors-plus-avatar:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-avatar.aligncenter{display:table;margin-inline:auto} </style> <style id='co-authors-plus-image-style-inline-css' type='text/css'> .wp-block-co-authors-plus-image{margin-bottom:0}.wp-block-co-authors-plus-image :where(img){height:auto;max-width:100%;vertical-align:bottom}.wp-block-co-authors-plus-coauthors.is-layout-flow .wp-block-co-authors-plus-image :where(img){vertical-align:middle}.wp-block-co-authors-plus-image:is(.alignfull,.alignwide) :where(img){width:100%}.wp-block-co-authors-plus-image:is(.alignleft,.alignright){display:table}.wp-block-co-authors-plus-image.aligncenter{display:table;margin-inline:auto} </style> <style id='classic-theme-styles-inline-css' type='text/css'> /*! This file is auto-generated */ .wp-block-button__link{color:#fff;background-color:#32373c;border-radius:9999px;box-shadow:none;text-decoration:none;padding:calc(.667em + 2px) calc(1.333em + 2px);font-size:1.125em}.wp-block-file__button{background:#32373c;color:#fff;text-decoration:none} </style> <style id='global-styles-inline-css' type='text/css'> :root{--wp--preset--aspect-ratio--square: 1;--wp--preset--aspect-ratio--4-3: 4/3;--wp--preset--aspect-ratio--3-4: 3/4;--wp--preset--aspect-ratio--3-2: 3/2;--wp--preset--aspect-ratio--2-3: 2/3;--wp--preset--aspect-ratio--16-9: 16/9;--wp--preset--aspect-ratio--9-16: 9/16;--wp--preset--color--black: #000000;--wp--preset--color--cyan-bluish-gray: #abb8c3;--wp--preset--color--white: #ffffff;--wp--preset--color--pale-pink: #f78da7;--wp--preset--color--vivid-red: #cf2e2e;--wp--preset--color--luminous-vivid-orange: #ff6900;--wp--preset--color--luminous-vivid-amber: #fcb900;--wp--preset--color--light-green-cyan: #7bdcb5;--wp--preset--color--vivid-green-cyan: #00d084;--wp--preset--color--pale-cyan-blue: #8ed1fc;--wp--preset--color--vivid-cyan-blue: #0693e3;--wp--preset--color--vivid-purple: #9b51e0;--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple: linear-gradient(135deg,rgba(6,147,227,1) 0%,rgb(155,81,224) 100%);--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan: linear-gradient(135deg,rgb(122,220,180) 0%,rgb(0,208,130) 100%);--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange: linear-gradient(135deg,rgba(252,185,0,1) 0%,rgba(255,105,0,1) 100%);--wp--preset--gradient--luminous-vivid-orange-to-vivid-red: linear-gradient(135deg,rgba(255,105,0,1) 0%,rgb(207,46,46) 100%);--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray: linear-gradient(135deg,rgb(238,238,238) 0%,rgb(169,184,195) 100%);--wp--preset--gradient--cool-to-warm-spectrum: linear-gradient(135deg,rgb(74,234,220) 0%,rgb(151,120,209) 20%,rgb(207,42,186) 40%,rgb(238,44,130) 60%,rgb(251,105,98) 80%,rgb(254,248,76) 100%);--wp--preset--gradient--blush-light-purple: linear-gradient(135deg,rgb(255,206,236) 0%,rgb(152,150,240) 100%);--wp--preset--gradient--blush-bordeaux: linear-gradient(135deg,rgb(254,205,165) 0%,rgb(254,45,45) 50%,rgb(107,0,62) 100%);--wp--preset--gradient--luminous-dusk: linear-gradient(135deg,rgb(255,203,112) 0%,rgb(199,81,192) 50%,rgb(65,88,208) 100%);--wp--preset--gradient--pale-ocean: linear-gradient(135deg,rgb(255,245,203) 0%,rgb(182,227,212) 50%,rgb(51,167,181) 100%);--wp--preset--gradient--electric-grass: linear-gradient(135deg,rgb(202,248,128) 0%,rgb(113,206,126) 100%);--wp--preset--gradient--midnight: linear-gradient(135deg,rgb(2,3,129) 0%,rgb(40,116,252) 100%);--wp--preset--font-size--small: 13px;--wp--preset--font-size--medium: 20px;--wp--preset--font-size--large: 36px;--wp--preset--font-size--x-large: 42px;--wp--preset--spacing--20: 0.44rem;--wp--preset--spacing--30: 0.67rem;--wp--preset--spacing--40: 1rem;--wp--preset--spacing--50: 1.5rem;--wp--preset--spacing--60: 2.25rem;--wp--preset--spacing--70: 3.38rem;--wp--preset--spacing--80: 5.06rem;--wp--preset--shadow--natural: 6px 6px 9px rgba(0, 0, 0, 0.2);--wp--preset--shadow--deep: 12px 12px 50px rgba(0, 0, 0, 0.4);--wp--preset--shadow--sharp: 6px 6px 0px rgba(0, 0, 0, 0.2);--wp--preset--shadow--outlined: 6px 6px 0px -3px rgba(255, 255, 255, 1), 6px 6px rgba(0, 0, 0, 1);--wp--preset--shadow--crisp: 6px 6px 0px rgba(0, 0, 0, 1);}:where(.is-layout-flex){gap: 0.5em;}:where(.is-layout-grid){gap: 0.5em;}body .is-layout-flex{display: flex;}.is-layout-flex{flex-wrap: wrap;align-items: center;}.is-layout-flex > :is(*, div){margin: 0;}body .is-layout-grid{display: grid;}.is-layout-grid > :is(*, div){margin: 0;}:where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;}:where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;}.has-black-color{color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-color{color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-color{color: var(--wp--preset--color--white) !important;}.has-pale-pink-color{color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-color{color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-color{color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-color{color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-color{color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-color{color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-color{color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-color{color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-color{color: var(--wp--preset--color--vivid-purple) !important;}.has-black-background-color{background-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-background-color{background-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-background-color{background-color: var(--wp--preset--color--white) !important;}.has-pale-pink-background-color{background-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-background-color{background-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-background-color{background-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-background-color{background-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-background-color{background-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-background-color{background-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-background-color{background-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-background-color{background-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-background-color{background-color: var(--wp--preset--color--vivid-purple) !important;}.has-black-border-color{border-color: var(--wp--preset--color--black) !important;}.has-cyan-bluish-gray-border-color{border-color: var(--wp--preset--color--cyan-bluish-gray) !important;}.has-white-border-color{border-color: var(--wp--preset--color--white) !important;}.has-pale-pink-border-color{border-color: var(--wp--preset--color--pale-pink) !important;}.has-vivid-red-border-color{border-color: var(--wp--preset--color--vivid-red) !important;}.has-luminous-vivid-orange-border-color{border-color: var(--wp--preset--color--luminous-vivid-orange) !important;}.has-luminous-vivid-amber-border-color{border-color: var(--wp--preset--color--luminous-vivid-amber) !important;}.has-light-green-cyan-border-color{border-color: var(--wp--preset--color--light-green-cyan) !important;}.has-vivid-green-cyan-border-color{border-color: var(--wp--preset--color--vivid-green-cyan) !important;}.has-pale-cyan-blue-border-color{border-color: var(--wp--preset--color--pale-cyan-blue) !important;}.has-vivid-cyan-blue-border-color{border-color: var(--wp--preset--color--vivid-cyan-blue) !important;}.has-vivid-purple-border-color{border-color: var(--wp--preset--color--vivid-purple) !important;}.has-vivid-cyan-blue-to-vivid-purple-gradient-background{background: var(--wp--preset--gradient--vivid-cyan-blue-to-vivid-purple) !important;}.has-light-green-cyan-to-vivid-green-cyan-gradient-background{background: var(--wp--preset--gradient--light-green-cyan-to-vivid-green-cyan) !important;}.has-luminous-vivid-amber-to-luminous-vivid-orange-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-amber-to-luminous-vivid-orange) !important;}.has-luminous-vivid-orange-to-vivid-red-gradient-background{background: var(--wp--preset--gradient--luminous-vivid-orange-to-vivid-red) !important;}.has-very-light-gray-to-cyan-bluish-gray-gradient-background{background: var(--wp--preset--gradient--very-light-gray-to-cyan-bluish-gray) !important;}.has-cool-to-warm-spectrum-gradient-background{background: var(--wp--preset--gradient--cool-to-warm-spectrum) !important;}.has-blush-light-purple-gradient-background{background: var(--wp--preset--gradient--blush-light-purple) !important;}.has-blush-bordeaux-gradient-background{background: var(--wp--preset--gradient--blush-bordeaux) !important;}.has-luminous-dusk-gradient-background{background: var(--wp--preset--gradient--luminous-dusk) !important;}.has-pale-ocean-gradient-background{background: var(--wp--preset--gradient--pale-ocean) !important;}.has-electric-grass-gradient-background{background: var(--wp--preset--gradient--electric-grass) !important;}.has-midnight-gradient-background{background: var(--wp--preset--gradient--midnight) !important;}.has-small-font-size{font-size: var(--wp--preset--font-size--small) !important;}.has-medium-font-size{font-size: var(--wp--preset--font-size--medium) !important;}.has-large-font-size{font-size: var(--wp--preset--font-size--large) !important;}.has-x-large-font-size{font-size: var(--wp--preset--font-size--x-large) !important;} :where(.wp-block-post-template.is-layout-flex){gap: 1.25em;}:where(.wp-block-post-template.is-layout-grid){gap: 1.25em;} :where(.wp-block-columns.is-layout-flex){gap: 2em;}:where(.wp-block-columns.is-layout-grid){gap: 2em;} :root :where(.wp-block-pullquote){font-size: 1.5em;line-height: 1.6;} </style> <link rel='stylesheet' id='bigfoot-number-css' href='https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot-number.css' type='text/css' media='all' /> <link rel='stylesheet' id='__EPYT__style-css' href='https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/styles/ytprefs.min.css' type='text/css' media='all' /> <style id='__EPYT__style-inline-css' type='text/css'> .epyt-gallery-thumb { width: 33.333%; } </style> <link rel='stylesheet' id='bones-base-stylesheet-css' href='https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/css/tachyons.css' type='text/css' media='all' /> <link rel='stylesheet' id='bones-stylesheet-css' href='https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/css/style.css' type='text/css' media='all' />  <link rel='stylesheet' id='fontawesome-css' href='https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/fontawesome/css/fontawesome.min.css' type='text/css' media='all' /> <link rel='stylesheet' id='fontawesome-brands-css' href='https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/fontawesome/css/brands.min.css' type='text/css' media='all' /> <link rel='stylesheet' id='fontawesome-solid-css' href='https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/fontawesome/css/solid.min.css' type='text/css' media='all' /> <script type="text/javascript" src="https://citizenlab.ca/wp-includes/js/jquery/jquery.min.js" id="jquery-core-js"></script> <script type="text/javascript" src="https://citizenlab.ca/wp-includes/js/jquery/jquery-migrate.min.js" id="jquery-migrate-js"></script> <script type="text/javascript" id="__ytprefs__-js-extra"> /* <![CDATA[ */ var _EPYT_ = {"ajaxurl":"https:\/\/citizenlab.ca\/wp-admin\/admin-ajax.php","security":"bde6679a30","gallery_scrolloffset":"20","eppathtoscripts":"https:\/\/citizenlab.ca\/wp-content\/plugins\/youtube-embed-plus\/scripts\/","eppath":"https:\/\/citizenlab.ca\/wp-content\/plugins\/youtube-embed-plus\/","epresponsiveselector":"[\"iframe.__youtube_prefs__\",\"iframe[src*='youtube.com']\",\"iframe[src*='youtube-nocookie.com']\",\"iframe[data-ep-src*='youtube.com']\",\"iframe[data-ep-src*='youtube-nocookie.com']\",\"iframe[data-ep-gallerysrc*='youtube.com']\"]","epdovol":"1","version":"14.2.1.3","evselector":"iframe.__youtube_prefs__[src], iframe[src*=\"youtube.com\/embed\/\"], iframe[src*=\"youtube-nocookie.com\/embed\/\"]","ajax_compat":"","maxres_facade":"eager","ytapi_load":"light","pause_others":"","stopMobileBuffer":"1","facade_mode":"","not_live_on_channel":"","vi_active":"","vi_js_posttypes":[]}; /* ]]> */ </script> <script type="text/javascript" src="https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/ytprefs.min.js" id="__ytprefs__-js"></script> <script type="text/javascript" src="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/js/libs/modernizr.custom.min.js" id="bones-modernizr-js"></script> <link rel="https://api.w.org/" href="https://citizenlab.ca/wp-json/" /><link rel="alternate" title="JSON" type="application/json" href="https://citizenlab.ca/wp-json/wp/v2/posts/80508" /><link rel='shortlink' href='https://citizenlab.ca/?p=80508' /> <link rel="alternate" title="oEmbed (JSON)" type="application/json+oembed" href="https://citizenlab.ca/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fcitizenlab.ca%2F2024%2F04%2F%25e6%2595%25b2%25e6%2595%25b2%25e6%2589%2593%25e6%2589%2593%25e4%25b8%2580%25e7%25b3%25bb%25e5%2588%2597%25e9%259b%25b2%25e7%25ab%25af%25e8%25bc%25b8%25e5%2585%25a5%25e6%25b3%2595%25e6%25bc%258f%25e6%25b4%259e%25e5%2585%2581%25e8%25a8%25b1%25e7%25b6%25b2%25e8%25b7%25af%25e6%2594%25bb%25e6%2593%258a%25e8%2580%2585-zh-tw%2F" /> <link rel="alternate" title="oEmbed (XML)" type="text/xml+oembed" href="https://citizenlab.ca/wp-json/oembed/1.0/embed?url=https%3A%2F%2Fcitizenlab.ca%2F2024%2F04%2F%25e6%2595%25b2%25e6%2595%25b2%25e6%2589%2593%25e6%2589%2593%25e4%25b8%2580%25e7%25b3%25bb%25e5%2588%2597%25e9%259b%25b2%25e7%25ab%25af%25e8%25bc%25b8%25e5%2585%25a5%25e6%25b3%2595%25e6%25bc%258f%25e6%25b4%259e%25e5%2585%2581%25e8%25a8%25b1%25e7%25b6%25b2%25e8%25b7%25af%25e6%2594%25bb%25e6%2593%258a%25e8%2580%2585-zh-tw%2F&format=xml" /> <script type="text/javascript" id="google_gtagjs" src="https://www.googletagmanager.com/gtag/js?id=G-RCDQQLPVF0" async="async"></script> <script type="text/javascript" id="google_gtagjs-inline"> /* <![CDATA[ */ window.dataLayer = window.dataLayer || [];function gtag(){dataLayer.push(arguments);}gtag('js', new Date());gtag('config', 'G-RCDQQLPVF0', {'anonymize_ip': true} ); /* ]]> */ </script> </head> <body itemscope itemtype="http://schema.org/WebPage">  <header id="header" role="banner" itemscope itemtype="http://schema.org/WPHeader"> <div id="header__inner" class="flex-ns items-center justify-between"> <div class="v-mid flex justify-between items-center"> <div class="mr-auto"> <a href="https://citizenlab.ca" rel="nofollow" id="logo" itemscope itemtype="http://schema.org/Organization"> <img src="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/CL-logo-3-headed.png" alt="The Citizen Lab"/> </a> <img src="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/MunkSchool-WHT.png" class="munk-logo" alt="Munk School of Global Affairs & Public Policy | University of Toronto" /> </div>  <a href="#main-menu" id="homepage" aria-label="Open main menu"> <span class="fa-solid fa-bars-staggered white dib" title="Open Menu"></span> <span class="screen-reader-text">Open main menu</span> </a> </div>  <a class="skip-main" href="#main">Skip to main content</a> <div class="flex-ns main-menu" id="main-menu"> <a href="#homepage" id="homepage" class="menu-close" aria-label="Close main menu"> <span class="fa-solid fa-x white dib" title="Close Menu"></span> <span class="screen-reader-text">Close main menu</span> </a> <nav id="nav-main" role="navigation" itemscope itemtype="http://schema.org/SiteNavigationElement" class="tc tl-l"> <ul id="menu-top-menu" class="list ma0 mt2 mt0-ns pa0 b dib-ns"><li id="menu-item-29705" class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor menu-item-has-children menu-item-29705 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/category/research/" class="white no-underline h-underline pr2 ml0">Research</a> <ul class="sub-menu"> <li id="menu-item-72358" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-72358 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/category/research/targeted-threats/" class="white no-underline h-underline pr2">Targeted Threats</a></li> <li id="menu-item-72357" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-72357 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/category/research/free-expression-online/" class="white no-underline h-underline pr2 mr0">Free Expression Online</a></li> <li id="menu-item-72359" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-72359 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/category/research/transparency/" class="white no-underline h-underline pr2">Transparency and Accountability</a></li> <li id="menu-item-72360" class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor current-menu-parent current-post-parent menu-item-72360 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/category/research/app-privacy-and-security/" class="white no-underline h-underline pr2">App Privacy and Controls</a></li> <li id="menu-item-72362" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-72362 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/category/research/global-research-network/" class="white no-underline h-underline pr2">Global Research Network</a></li> <li id="menu-item-72385" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-72385 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/category/research/tools-resources/" class="white no-underline h-underline pr2">Tools & Resources</a></li> <li id="menu-item-72361" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-72361 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/publications/" class="white no-underline h-underline pr2">Publications</a></li> </ul> </li> <li id="menu-item-29706" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-has-children menu-item-29706 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/category/lab-news/" class="white no-underline h-underline pr2">News</a> <ul class="sub-menu"> <li id="menu-item-72363" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-72363 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/category/lab-news/mentions/" class="white no-underline h-underline pr2">In the Media</a></li> <li id="menu-item-72364" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-72364 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/category/lab-news/events/" class="white no-underline h-underline pr2">Events</a></li> <li id="menu-item-72365" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-72365 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/category/lab-news/opportunities/" class="white no-underline h-underline pr2">Opportunities</a></li> </ul> </li> <li id="menu-item-29707" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-has-children menu-item-29707 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/about/" class="white no-underline h-underline pr2">About</a> <ul class="sub-menu"> <li id="menu-item-72367" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-72367 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/about/" class="white no-underline h-underline pr2">About The Citizen Lab</a></li> <li id="menu-item-72368" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-72368 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/media/" class="white no-underline h-underline pr2">Media Resources</a></li> <li id="menu-item-72369" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-72369 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/people/" class="white no-underline h-underline pr2">People</a></li> <li id="menu-item-72370" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-72370 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/teaching/" class="white no-underline h-underline pr2">Teaching</a></li> <li id="menu-item-72387" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-72387 dib-ns f5-l f4 ttu pv2 "><a href="https://engage.utoronto.ca/site/SPageServer?pagename=donate#/fund/847" class="white no-underline h-underline pr2">Donate</a></li> <li id="menu-item-74537" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-74537 dib-ns f5-l f4 ttu pv2 "><a href="https://citizenlab.ca/disclosure-of-security-vulnerabilities/" class="white no-underline h-underline pr2">Security Vulnerabilities</a></li> </ul> </li> </ul> </nav>  <div class="flex items-start justify-center searchbar"> <form class="db-l ma0 pa0 b0 lh0 f5" role="search" method="get" id="menuSearchform" action="https://citizenlab.ca/"> <div id="menuSearchContainer" class="ml3 dib w0 transition-width overflow-hidden"> <input type="search" id="menuSearch" name="s" value="" class="b--none ma0 pa1 w-100" placeholder="Search"/> </div>  </form> <div id="menuSearchButton" class="db-l ml3 pointer items-end"> <span class="fa-solid fa-magnifying-glass white f5" aria-label="Search" title="Search"></span> </div> </div>  </div>  </div>  </header>  <div id="container" class="pa3 pv4-l ph5-l">  <main id="main" role="main" itemscope itemprop="mainContentOfPage" itemtype="http://schema.org/Blog"> <section id="content" class="container"> <article id="post-80508" dir="ltr" 80508role="article" itemscope itemprop="blogPost" itemtype="http://schema.org/BlogPosting" class="lh-copy"> <header> <span class="f6 mt0" dir="ltr"><a href="https://citizenlab.ca/category/research/" class="breadcrumbs"><a href="https://citizenlab.ca/category/research/" class="breadcrumbs">Research</a><span class="fa-solid fa-chevron-right mh2" aria-hidden="true"></span></a><a href="https://citizenlab.ca/category/research/app-privacy-and-security/" class="breadcrumbs">App Privacy and Controls</a></span> <h1 itemprop="headline" rel="bookmark" class="ma0 mt5 lh-title">  <span class="db f2 f1-ns black lh-solid no-hyphen">敲敲打打</span>  <span class="db f4 f2-ns mid-gray mt2 lh-title oswald-regular mb2-ns no-hyphen">一系列雲端輸入法漏洞允許網路攻擊者監看輸入內容（摘要）</span> </h1> <div dir="ltr" class="mt2"> <div class="f5 mr4 b dark-gray dib">By <a href="https://citizenlab.ca/author/jknockel/" title="Posts by Jeffrey Knockel" class="author url fn" rel="author">Jeffrey Knockel</a>, <a href="https://citizenlab.ca/author/monaw/" title="Posts by Mona Wang" class="author url fn" rel="author">Mona Wang</a>, and <a href="https://citizenlab.ca/author/zreichert/" title="Posts by Zoë Reichert" class="author url fn" rel="author">Zoë Reichert</a></div> <time class="dark-gray dib f5 mr4" datetime="2024-04-23" itemprop="datePublished">April 23, 2024</time>  </div>  </header> <section itemprop="articleBody" class="article-body mb4 mt4 pt2 bt b--light-gray"> <ul> <li class="mt2">重要：我們建議所有使用者立即更新他們所使用的輸入法軟體以及作業系統。並建議高風險使用者停止使用任何輸入法提供的雲端建議功能，改為使用完全離線的輸入法，以避免資料外洩。</li> <li class="mt2">本文是<a href="https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/" class="pointer">完整報告</a>的摘要翻譯。</li> </ul> <h2 id="重要發現" class="lh-solid mb3">重要發現</h2> <ul class="mt0"> <li class="mt2">我們分析了常見雲端拼音輸入鍵盤的安全性，包含百度、榮耀、華為、訊飛、OPPO、三星、騰訊九家廠商，並檢視了它們傳送使用者輸入到雲端的過程是否含有安全缺陷。</li> <li class="mt2">分析結果指出，九家廠商中，有八家輸入法軟體包含嚴重漏洞，讓我們得以完整破解廠商設計用於保護使用者輸入內容的加密法。亦有部分廠商並未使用任何加密法保護使用者輸入內容。</li> <li class="mt2">綜合本研究和我們<a href="https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/" class="pointer"><u>先前研究</u></a>中發現的搜狗輸入法漏洞，我們估計至多有十億使用者受到這些漏洞影響。基於下述原因，我們認為使用者輸入的內容可能已經遭到大規模收集： <ul> <li class="mt2">這些漏洞影響眾多使用者</li> <li class="mt2">使用者在鍵盤中輸入的資訊極為敏感</li> <li class="mt2">發現這些漏洞不需要高深技術</li> <li class="mt2"><a href="https://zh.wikipedia.org/zh-tw/%E4%BA%94%E7%9C%BC%E8%81%AF%E7%9B%9F" class="pointer" target="_blank" rel="noopener"><u>五眼聯盟</u></a>過去曾利用中國應用程式中類似的漏洞施行監控</li> </ul> </li> <li class="mt2">我們已向受影響的九家開發商回報這些漏洞，大部分開發商均認真看待並回應我們，並修補漏洞，但仍有少數輸入法未修補漏洞。</li> <li class="mt2">在報告的最後，我們提供綜合建議予受漏洞影響的各方，我們期待這些建議可以減少未來類似漏洞所造成的危害。</li> </ul> <h2 id="漏洞總結" class="lh-solid mb3">漏洞總結</h2> <p class="mt0">在我們測試的 9 家廠商的應用程式中，僅有華為的產品未被發現任何傳輸使用者輸入相關的安全問題，其餘每一家廠商都至少有一個應用程式含有漏洞，使得被動的網路攻擊者得以監看使用者輸入的完整內容。</p> <p>註：主動的網路監聽意指監聽時必須要主動發出訊號，例如在傳輸過程中篡改少數資料位元，才能達成解密。主動的網路監聽有可能可以被偵測到。被動的網路監聽意指無需發出任何訊號，單純讀取傳輸中的的資料，即可達成解密。被動的網路監聽難以被偵測到。</p> <figure class="center mw-100 table-overflow" style="min-width:50%; width: min-content; margin: 0px auto"><div class="center" style="min-width: 100%; width: fit-content"><table border="0" cellspacing="0" style="width: max-content; height: unset" class="ba b--light-gray"> <thead> <tr class="header"> <th colspan="2">圖例</th> </tr> </thead> <tbody> <tr class="even striped--light-gray"> <td class="tc" style="color: darkred;font-size: 18pt">✘✘</td> <td><strong>主動和被動</strong>的網路監聽者可以破解加密的使用者輸入內容，且我們成功實測此方法</td> </tr> <tr class="odd striped--light-gray"> <td class="tc" style="color: darkred;font-size: 18pt">✘</td> <td><strong>主動</strong>的網路監聽者可以破解加密的使用者輸入內容，且我們成功實測此方法</td> </tr> <tr class="even striped--light-gray"> <td class="tc" style="color: olive;font-size: 18pt"><strong>!</strong></td> <td>加密法實作中存在弱點</td> </tr> <tr class="odd striped--light-gray"> <td class="tc" style="color: green;font-size: 18pt">✔</td> <td>未發現問題</td> </tr> <tr class="even striped--light-gray"> <td class="tc">N/A</td> <td>該產品在我們測試的裝置上不提供或是不存在</td> </tr> </tbody> </table></div></figure> <figure class="center mw-100 table-overflow" style="min-width:50%; width: min-content; margin: 0px auto"><div class="center" style="min-width: 100%; width: fit-content"><table border="0" cellspacing="0" style="width: max-content; height: unset" class="ba b--light-gray"> <thead> <tr class="header"> <th><strong>輸入法開發商</strong></th> <th class="tc">Android</th> <th class="tc">iOS</th> <th class="tc">Windows</th> </tr> </thead> <tbody> <tr class="odd striped--light-gray"> <td>騰訊<sup>&dagger;</sup></td> <td class="tc" style="color: darkred;font-size: 18pt">✘</td> <td class="tc">N/A</td> <td class="tc" style="color: darkred;font-size: 18pt">✘</td> </tr> <tr class="header striped--light-gray"> <td>百度</td> <td class="tc" style="color: olive;font-size: 18pt"><strong>!</strong></td> <td class="tc" style="color: olive;font-size: 18pt"><strong>!</strong></td> <td class="tc" style="color: darkred;font-size: 18pt">✘✘</td> </tr> <tr class="odd striped--light-gray"> <td>訊飛</td> <td class="tc" style="color: darkred;font-size: 18pt">✘✘</td> <td class="tc" style="color: green;font-size: 18pt">✔</td> <td class="tc" style="color: green;font-size: 18pt">✔</td> </tr> </tbody> </table></div></figure> <p><strong>預載輸入法開發商</strong></p> <figure class="center mw-100 table-overflow" style="min-width:50%; width: min-content; margin: 0px auto"><div class="center" style="min-width: 100%; width: fit-content"><table border="0" cellspacing="0" style="width: max-content; height: unset" class="ba b--light-gray"> <thead> <tr> <th class="tc"><strong>裝置製造商</strong></th> <th class="tc">自有</th> <th class="tc">搜狗</th> <th class="tc">百度</th> <th class="tc">訊飛</th> <th class="tc">iOS</th> <th class="tc">Windows</th> </tr> </thead> <tbody> <tr class="even striped--light-gray"> <td>三星</td> <td class="tc" style="color: darkred;font-size: 18pt">✘✘</td> <td class="tc" style="color: green;font-size: 18pt"><span class="dib w-10"> </span>✔<span class="dib w-10" style="color: black">*</span></td> <td class="tc" style="color: darkred;font-size: 18pt">✘✘</td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> <tr class="odd striped--light-gray"> <td>華為</td> <td class="tc" style="color: green;font-size: 18pt"><span class="dib w-10"> </span>✔<span class="dib w-10" style="color: black">*</span></td> <td class="tc" style="color: green;font-size: 18pt">✔</td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> <tr class="even striped--light-gray"> <td>小米</td> <td class="tc">N/A</td> <td class="tc" style="color: darkred;font-size: 18pt"><span class="dib w-10"> </span>✘<span class="dib w-10" style="color: black">*</span></td> <td class="tc" style="color: darkred;font-size: 18pt">✘✘</td> <td class="tc" style="color: darkred;font-size: 18pt">✘✘</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> <tr class="odd striped--light-gray"> <td>OPPO</td> <td class="tc">N/A</td> <td class="tc" style="color: darkred;font-size: 18pt">✘</td> <td class="tc" style="color: darkred;font-size: 18pt"><span class="dib w-10"> </span>✘✘<span class="dib w-10" style="color: black">*</span></td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> <tr class="even striped--light-gray"> <td>Vivo</td> <td class="tc" style="color: green;font-size: 18pt"><span class="dib w-10"> </span>✔<span class="dib w-10" style="color: black">*</span></td> <td class="tc" style="color: darkred;font-size: 18pt">✘</td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> <tr class="odd striped--light-gray"> <td>榮耀</td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc" style="color: darkred;font-size: 18pt"><span class="dib w-10"> </span>✘✘<span class="dib w-10" style="color: black">*</span></td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> </tbody> </table></div></figure> <p>* 在我們的測試裝置上，這個是預設的輸入法<br> <sup>&dagger;</sup> QQ 输入法及搜狗輸入法都是由騰訊所開發，本研究中我們分析了 QQ 输入法，發現它含有<a href="https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/" class="pointer"><u>我們先前在搜狗輸入法中發現</u></a>的相同漏洞</p> <h2 id="修補總結" class="lh-solid mb3">修補總結</h2> <p class="mt0">我們依據<a href="https://citizenlab.ca/disclosure-of-security-vulnerabilities/" class="pointer">漏洞揭露政策</a>，向各廠商回報了所發現的漏洞。除了百度、Vivo 和小米，其他廠商皆有回覆我們。在我們回報漏洞不久之後，百度修復了當中最嚴重的幾個，但並未修補其餘漏洞。數家手機製造商預載了有漏洞的輸入法程式，除了預載的百度輸入法之外，如今手機製造商都已經修補了這些漏洞。針對預載的百度輸入法，榮耀完全未修補任何漏洞，其餘廠商都只修補了部分最嚴重的漏洞。關於 QQ 输入法，騰訊早先表示（中譯）：「撇除已停止維護的產品，我們計劃將於 [2024] 第一季前將所有使用 EncryptWall （加密法）的活躍產品升級為使用 HTTPS。」截至 2024 年 4 月 1 日，我們未發現騰訊提供任何 QQ 输入法的修補，儘管 QQ 输入法仍提供外界下載，騰訊自 2020 年起就未再提供 QQ 输入法的更新，可能已經將此產品視為停止維護。我們與廠商的聯絡內容、時間以及其他細節，請見我們的<a href="https://citizenlab.ca/2024/04/vulnerabilities-across-keyboard-apps-reveal-keystrokes-to-network-eavesdroppers/" class="pointer">完整版報告</a>。</p> <figure class="center mw-100 table-overflow" style="min-width:50%; width: min-content; margin: 0px auto"><div class="center" style="min-width: 100%; width: fit-content"><table border="0" cellspacing="0" style="width: max-content; height: unset" class="ba b--light-gray"> <thead> <tr class="header"> <th colspan="2">圖例</th> </tr> </thead> <tbody> <tr class="striped--light-gray"> <td class="tc" style="color: darkred;font-size: 18pt">✘✘</td> <td><strong>主動和被動</strong>的網路監聽者可以破解加密的使用者輸入內容，且我們成功實測此方法</td> </tr> <tr class="odd striped--light-gray"> <td class="tc" style="color: darkred;font-size: 18pt">✘</td> <td><strong>主動</strong>的網路監聽者可以破解加密的使用者輸入內容，且我們成功實測此方法</td> </tr> <tr class="header striped--light-gray"> <td class="tc" style="color: olive;font-size: 18pt"><strong>!</strong></td> <td>加密法實作中存在弱點</td> </tr> <tr class="odd striped--light-gray"> <td class="tc" style="color: green;font-size: 18pt">✔</td> <td>未發現問題</td> </tr> <tr class="header striped--light-gray"> <td class="tc">N/A</td> <td>該產品在我們測試的裝置上不提供或是不存在</td> </tr> </tbody> </table></div></figure> <figure class="center mw-100 table-overflow" style="min-width:50%; width: min-content; margin: 0px auto"><div class="center" style="min-width: 100%; width: fit-content"><table border="0" cellspacing="0" style="width: max-content; height: unset" class="ba b--light-gray"> <thead> <tr class="header"> <th><strong>輸入法開發商</strong></th> <th class="tc">Android</th> <th class="tc">iOS</th> <th class="tc">Windows</th> </tr> </thead> <tbody> <tr class="odd striped--light-gray"> <td>騰訊<sup>&dagger;</sup></td> <td class="tc" style="color: darkred;font-size: 18pt">✘</td> <td class="tc">N/A</td> <td class="tc" style="color: darkred;font-size: 18pt">✘</td> </tr> <tr class="even striped--light-gray"> <td>百度</td> <td class="tc" style="color: olive;font-size: 18pt"><strong>!</strong></td> <td class="tc" style="color: olive;font-size: 18pt"><strong>!</strong></td> <td class="tc" style="color: olive;font-size: 18pt"><strong>!</strong></td> </tr> <tr class="odd striped--light-gray"> <td>訊飛</td> <td class="tc" style="color: green;font-size: 18pt">✔</td> <td class="tc" style="color: green;font-size: 18pt">✔</td> <td class="tc" style="color: green;font-size: 18pt">✔</td> </tr> </tbody> </table></div></figure> <p><strong>預載輸入法開發商</strong></p> <figure class="center mw-100 table-overflow" style="min-width:50%; width: min-content; margin: 0px auto"><div class="center" style="min-width: 100%; width: fit-content"><table border="0" cellspacing="0" style="width: max-content; height: unset" class="ba b--light-gray"> <thead> <tr class="odd"> <th class="tl"><strong>裝置製造商</strong></th> <th class="tc">自有</th> <th class="tc">搜狗</th> <th class="tc">百度</th> <th class="tc">訊飛</th> <th class="tc">iOS</th> <th class="tc">Windows</th> </tr> </thead> <tbody> <tr class="header striped--light-gray"> <td>三星</td> <td class="tc" style="color: green;font-size: 18pt">✔</td> <td class="tc" style="color: green;font-size: 18pt"><span class="dib w-10"> </span>✔<span class="dib w-10" style="color: black">*</span></td> <td class="tc" style="color: olive;font-size: 18pt"><strong>!</strong></td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> <tr class="odd striped--light-gray"> <td>華為</td> <td class="tc" style="color: green;font-size: 18pt"><span class="dib w-10"> </span>✔<span class="dib w-10" style="color: black">*</span></td> <td class="tc" style="color: green;font-size: 18pt">✔</td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> <tr class="header striped--light-gray"> <td>小米</td> <td class="tc">N/A</td> <td class="tc" style="color: green;font-size: 18pt"><span class="dib w-10"> </span>✔<span class="dib w-10" style="color: black">*</span></td> <td class="tc" style="color: olive;font-size: 18pt"><strong>!</strong></td> <td class="tc" style="color: green;font-size: 18pt">✔</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> <tr class="odd striped--light-gray"> <td>OPPO</td> <td class="tc">N/A</td> <td class="tc" style="color: green;font-size: 18pt">✔</td> <td class="tc" style="color: olive;font-size: 18pt"><span class="dib w-10"> </span><strong>!</strong><span class="dib w-10" style="color: black">*</span></td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> <tr class="header striped--light-gray"> <td>Vivo</td> <td class="tc" style="color: green;font-size: 18pt"><span class="dib w-10"> </span>✔<span class="dib w-10" style="color: black">*</span></td> <td class="tc" style="color: green;font-size: 18pt">✔</td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> <tr class="odd striped--light-gray"> <td>榮耀</td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc" style="color: darkred;font-size: 18pt"><span class="dib w-10"> </span>✘✘<span class="dib w-10" style="color: black">*</span></td> <td class="tc">N/A</td> <td class="tc">N/A</td> <td class="tc">N/A</td> </tr> </tbody> </table></div></figure> <p>* 在我們的測試裝置上，這個是預設的輸入法<br> <sup>&dagger;</sup> QQ 输入法及搜狗輸入法都是由騰訊所開發，本研究中我們分析了 QQ 输入法，發現它含有<a href="https://citizenlab.ca/2023/08/vulnerabilities-in-sogou-keyboard-encryption/" class="pointer"><u>我們先前在搜狗輸入法中發現</u></a>的相同漏洞</p> <p>總結來說，除了榮耀以外，我們發現的加密破解方法在經過廠商修補後，均已無效。而在榮耀手機以外廠牌的百度輸入法中，仍持續存在加密的弱點，但我們暫時還未找到方法可以利用這些弱點解密傳輸中的使用者輸入資訊。</p> <h2 id="受影響軟體列表" class="lh-solid mb3">受影響軟體列表</h2> <p class="mt0">我們建議所有使用者保持作業系統和應用程式（包含輸入法）在最新版本，若您有使用下列軟體，我們強烈建議您檢查並安裝這些軟體及作業系統最新的更新。截至 2024 年 4 月 1 日，下列軟體已有更新可供安裝，安裝後可修補我們發現的安全漏洞。</p> <p><strong>非作業系統預載（手動安裝）的第三方開發者的輸入法：</strong></p> <ul> <li class="mt2">Android 和 Windows 平台的 Sogou IME / 搜狗输入法</li> <li class="mt2">Android 和 Windows 平台的 Baidu IME / 百度输入法（此開發者未完整修補我們發現的漏洞，詳情見下）</li> <li class="mt2">Android 平台的 iFlyTek IME / 讯飞输入法</li> </ul> <p><strong>三星中國版作業系統中預載的：</strong></p> <ul> <li class="mt2">Samsung Keyboard</li> <li class="mt2">Baidu IME / 百度输入法</li> </ul> <p><strong>小米中國版作業系統中預載的：</strong></p> <ul> <li class="mt2">Sogou IME Xiaomi Version / 搜狗输入法小米版</li> <li class="mt2">iFlyTek IME Xiaomi Version / 讯飞输入法小米版</li> </ul> <p><strong>OPPO 中國版作業系統中預載的：</strong></p> <ul> <li class="mt2">Sogou IME Custom Version / 搜狗输入法定制版</li> </ul> <p><strong>Vivo 中國版作業系統中預載的：</strong></p> <ul> <li class="mt2">Sogou IME Custom Version / 搜狗输入法定制版</li> </ul> <p>下列軟體仍未使用 TLS，因此可能仍有漏洞：</p> <p><strong>非作業系統預載（手動安裝）的第三方開發者的輸入法：</strong></p> <ul> <li class="mt2">Android, Windows, 和 iOS 平台的 Baidu IME / 百度输入法</li> </ul> <p><strong>小米中國版作業系統中預載的：</strong></p> <ul> <li class="mt2">Baidu IME Xiaomi Version / 百度输入法小米版</li> </ul> <p><strong>OPPO 中國版作業系統中預載的：</strong></p> <ul> <li class="mt2">Baidu IME Custom Version / 百度输入法定制版</li> </ul> <p>下列軟體含有未修補的漏洞，能夠輕易被攻擊者所利用，我們建議使用者改用其他輸入法：</p> <p><strong>非作業系統預載（手動安裝）的第三方開發者的輸入法：</strong></p> <ul> <li class="mt2">Android 和 Windows 平台的 QQ Pinyin IME / QQ 输入法</li> </ul> <p><strong>榮耀中國版作業系統中預載的：</strong></p> <ul> <li class="mt2">Baidu IME Honor Version / 百度输入法荣耀版</li> </ul> <h2 id="綜合建議" class="lh-solid mb3">綜合建議</h2> <h3 id="給資安研究人員" class="lh-solid mb3">給資安研究人員</h3> <ul class="mt0"> <li class="mt2">資安研究人員應該多加研究東亞及其他熱門區域的手機應用程式生態系，即使這些區域並非研究人員原生的區域。</li> <li class="mt2">資安研究人員應發展更佳的動態及靜態分析方法，以利大規模尋找我們發現的此類型漏洞。</li> <li class="mt2">資安研究人員通報漏洞時應以開發者所在地區的常見語言寫出簡短摘要及郵件標題。</li> </ul> <h3 id="給應用程式商店" class="lh-solid mb3">給應用程式商店</h3> <ul class="mt0"> <li class="mt2">應用程式商店不應要求需註冊帳號才能下載安全性更新。</li> <li class="mt2">應用程式商店不應該根據地理位置阻擋安全性更新。</li> <li class="mt2">如同 Google Play<br> 商店，其他應用程式商店應該提供方式讓開發者標示隱私和安全資訊，包含網路資料傳輸是否加密。</li> <li class="mt2">當開發者在應用程式商店中標示應用程式會加密所有傳輸資料時，應用程式商店應予顯示，當開發者並未如此標示時，應用程式商店亦應警告使用者。</li> <li class="mt2">應用程式商店應針對特定機敏類型的應用程式（例如輸入法）要求開發者保證所有傳輸資料均經加密，或保證不傳輸任何資料。</li> </ul> <h3 id="給輸入法開發者" class="lh-solid mb3">給輸入法開發者</h3> <ul class="mt0"> <li class="mt2">使用經過廣泛測試的標準加密通訊協定，例如 TLS 及 QUIC。</li> <li class="mt2">儘可能將功能設計為可離線運作、不需傳輸任何敏感資料到雲端伺服器。</li> </ul> <h3 id="給手機作業系統開發者" class="lh-solid mb3">給手機作業系統開發者</h3> <ul class="mt0"> <li class="mt2">如同 iOS, Android 應實作沙箱來限制輸入法程式的網路傳輸和其他危險行為，在使用者主動允許前不予放行。</li> <li class="mt2">Android 及 iOS 開發者應設計更好的「網路存取」權限，讓使用者一目瞭然應用程式是否透過網路傳輸任何資料。</li> </ul> <h3 id="給手機製造商" class="lh-solid mb3">給手機製造商</h3> <ul class="mt0"> <li class="mt2">將輸入法整合並預載在作業系統之前，應稽核其安全性。</li> </ul> <h3 id="給一般使用者" class="lh-solid mb3">給一般使用者</h3> <ul class="mt0"> <li class="mt2">搜狗、QQ、百度、訊飛輸入法的使用者，無論輸入法是手動從應用程式商店安裝或者原本就預載在作業系統當中，應確保輸入法及作業系統維持在最新版本。</li> <li class="mt2">顧慮隱私的使用者應停用任何輸入法中的雲端功能。</li> <li class="mt2">顧慮隱私的 iOS 使用者不應啟用輸入法的「允許完整存取權」。</li> </ul> </section> <footer> </footer> </article> <aside class="social-sidebar"> <div id="social-sidebar" role="complementary" class="w-100"> </div> </aside> </section> </main> </div> <footer role="contentinfo" itemscope itemtype="http://schema.org/WPFooter" class="footer"> <div class="footer__container"> <nav role="navigation" class="footer__nav"> <h2>Research</h2> <div class="footer-links cf"><ul id="menu-research" class="list pa0"><li id="menu-item-29711" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-29711"><a href="https://citizenlab.ca/category/research/targeted-threats/" class="lh-title mb2 db white b no-underline underline-hover">Targeted Threats</a></li> <li id="menu-item-29709" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-29709"><a href="https://citizenlab.ca/category/research/free-expression-online/" class="lh-title mb2 db white b no-underline underline-hover">Free Expression Online</a></li> <li id="menu-item-29712" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-29712"><a href="https://citizenlab.ca/category/research/transparency/" class="lh-title mb2 db white b no-underline underline-hover">Transparency and Accountability</a></li> <li id="menu-item-29708" class="menu-item menu-item-type-taxonomy menu-item-object-category current-post-ancestor current-menu-parent current-post-parent menu-item-29708"><a href="https://citizenlab.ca/category/research/app-privacy-and-security/" class="lh-title mb2 db white b no-underline underline-hover">App Privacy and Controls</a></li> <li id="menu-item-29710" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-29710"><a href="https://citizenlab.ca/category/research/global-research-network/" class="lh-title mb2 db white b no-underline underline-hover">Global Research Network</a></li> <li id="menu-item-72386" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-72386"><a href="https://citizenlab.ca/category/research/tools-resources/" class="lh-title mb2 db white b no-underline underline-hover">Tools & Resources</a></li> <li id="menu-item-29713" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-29713"><a href="https://citizenlab.ca/publications/" class="lh-title mb2 db white b no-underline underline-hover">All Publications</a></li> </ul></div> </nav> <nav role="navigation" class="footer__nav"> <h2>News</h2> <div class="footer-links cf"><ul id="menu-news" class="list pa0"><li id="menu-item-29714" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-29714"><a href="https://citizenlab.ca/category/lab-news/mentions/" class="lh-title mb2 db white b no-underline underline-hover">In the Media</a></li> <li id="menu-item-29715" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-29715"><a href="https://citizenlab.ca/category/lab-news/events/" class="lh-title mb2 db white b no-underline underline-hover">Events</a></li> <li id="menu-item-29716" class="menu-item menu-item-type-taxonomy menu-item-object-category menu-item-29716"><a href="https://citizenlab.ca/category/lab-news/opportunities/" class="lh-title mb2 db white b no-underline underline-hover">Opportunities</a></li> <li id="menu-item-29717" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-29717"><a href="https://citizenlab.ca/newsletter/archives/" class="lh-title mb2 db white b no-underline underline-hover">Newsletter Archives</a></li> </ul></div> </nav> <nav role="navigation" class="footer__nav"> <h2>About</h2> <div class="footer-links cf"><ul id="menu-about" class="list pa0"><li id="menu-item-29718" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-29718"><a href="https://citizenlab.ca/about/" class="lh-title mb2 db white b no-underline underline-hover">About The Citizen Lab</a></li> <li id="menu-item-29720" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-29720"><a href="https://citizenlab.ca/people/" class="lh-title mb2 db white b no-underline underline-hover">People</a></li> <li id="menu-item-68022" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-68022"><a href="https://citizenlab.ca/media/" class="lh-title mb2 db white b no-underline underline-hover">Media Resources</a></li> <li id="menu-item-29721" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-29721"><a href="https://citizenlab.ca/teaching/" class="lh-title mb2 db white b no-underline underline-hover">Teaching</a></li> <li id="menu-item-68345" class="menu-item menu-item-type-custom menu-item-object-custom menu-item-68345"><a href="https://donate.utoronto.ca/give/show/84" class="lh-title mb2 db white b no-underline underline-hover">Donate</a></li> </ul></div> </nav> </div>  <div class="footer__container mt4 relative pt3-ns bt b--gray"> <div class="flex-ns justify-between w-100"> <div class="w-30-ns w-100 mb3 mr3-ns pt3"> <h2 class="ttu mt0 mb2 f4">Connect</h2> <div class="social-media"> <a class="dim" href="https://x.com/citizenlab" aria-label="Visit our Twitter/X account"><span class="fa-brands fa-x-twitter white" aria-hidden="true"></span></a> <a class="dim" href="https://bsky.app/profile/citizenlab.ca" aria-label="Visit our Bluesky account"><span class="fa-brands fa-bluesky white" aria-hidden="true"></span></a> <a class="dim" rel="me" href="https://mastodon.social/@citizenlab" aria-label="Follow our Mastodon account"><span class="fa-brands fa-mastodon white" aria-hidden="true"></span></a> <a class="dim" href="https://www.youtube.com/channel/UCf5Aunw7xvt3lAFrLhiCA5w" aria-label="Visit our Youtube page"><span class="fa-brands fa-youtube white" aria-hidden="true"></span></a> <a class="dim" href="https://ca.linkedin.com/company/the-citizen-lab" aria-label="Visit our LinkedIn page"><span class="fa-brands fa-linkedin white" aria-hidden="true"></span></a> <a class="dim" href="/cdn-cgi/l/email-protection#284146595d415a414d5b684b415c41524d4644494a064b49" aria-label="Email us"><span class="fa-solid fa-envelope white" aria-hidden="true"></span></a> <a class="dim" href="https://github.com/citizenlab" aria-label="Visit oour Github"><span class="fa-brands fa-github white" aria-hidden="true"></span></a> </div> </div> <div class="w-60-ns f6 w-100 pt3"> <h2 class="f4 ttu mb2 mt3 mt0-ns">Newsletter</h2> <div id="text-3"> <div class="textwidget"><script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script><script>(function() { window.mc4wp = window.mc4wp || { listeners: [], forms: { on: function(evt, cb) { window.mc4wp.listeners.push( { event : evt, callback: cb } ); } } } })(); </script><form id="mc4wp-form-1" class="mc4wp-form mc4wp-form-29703" method="post" data-id="29703" data-name="" ><div class="mc4wp-form-fields"><input type="email" name="EMAIL" placeholder="Your email address" required class="dib pv1 mr2 mv1 lh-solid mw4"/><input type="submit" value="Sign up" class="link br1 b--none lh-solid cta-button-orange b pointer"/></div><label style="display: none !important;">Leave this field empty if you're human: <input type="text" name="_mc4wp_honeypot" value="" tabindex="-1" autocomplete="off" /></label><input type="hidden" name="_mc4wp_timestamp" value="1739841848" /><input type="hidden" name="_mc4wp_form_id" value="29703" /><input type="hidden" name="_mc4wp_form_element_id" value="mc4wp-form-1" /><div class="mc4wp-response"></div></form> </div> </div> </div> </div> </div> </footer> <div id="privacy-footer"> <div class="mv0 dib"> <div id="text-5"> <div class="textwidget"><p><a class="db white dim" href="https://citizenlab.ca/privacy/">Privacy Policy</a></p> </div> </div> </div> <div class="mv0 dib ph3-l"> <div id="text-4"> <div class="textwidget"><p>Unless otherwise noted this site and its contents are licensed under a <a class="white dim" href="https://creativecommons.org/licenses/by/2.5/ca/">Creative Commons Attribution 2.5 Canada</a> license.</p> </div> </div> </div> <div class="dib mv0 mt2 lh0 mw5"> <a href="http://munkschool.utoronto.ca/" target="blank"> <img src="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/images/MunkSchool-WHT.png" alt="Munk School of Global Affairs & Public Policy | University of Toronto" /> </a> </div> </div> <script>(function() {function maybePrefixUrlField () { const value = this.value.trim() if (value !== '' && value.indexOf('http') !== 0) { this.value = 'http://' + value } } const urlFields = document.querySelectorAll('.mc4wp-form input[type="url"]') for (let j = 0; j < urlFields.length; j++) { urlFields[j].addEventListener('blur', maybePrefixUrlField) } })();</script><script type="text/javascript" src="https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot.js" id="bigfoot-js"></script> <script type="text/javascript" src="https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot.min.js" id="bigfoot-min-js"></script> <script type="text/javascript" src="https://citizenlab.ca/wp-content/plugins/bigfoot_footnotes/library/bigfoot-function.js" id="bigfoot-function-js"></script> <script type="text/javascript" src="https://citizenlab.ca/wp-content/plugins/youtube-embed-plus/scripts/fitvids.min.js" id="__ytprefsfitvids__-js"></script> <script type="text/javascript" src="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/js/search-menu.js" id="search-menu-js"></script> <script type="text/javascript" src="https://citizenlab.ca/wp-content/themes/citizenlab-2.1.5/library/js/jquery-details/jquery.details.min.js" id="jquery-details-js"></script> <script type="text/javascript" defer src="https://citizenlab.ca/wp-content/plugins/mailchimp-for-wp/assets/js/forms.js" id="mc4wp-forms-api-js"></script> </body> </html>

CINXE.COM

敲敲打打：一系列雲端輸入法漏洞允許網路攻擊者監看輸入內容（摘要） - The Citizen Lab