Shenyu: Cloud input methods with up to one billion users may have leaked input content. Please take immediate measures to reduce the risk.

Shen Yu stated on social media that the cloud input method used by up to one billion users may have leaked input content. If users have entered mnemonic phrases or other sensitive information using any of the following cloud input methods, immediate action should be taken to reduce the risk.Nine manufacturers, including Baidu, Honor, Huawei, iFlytek, OPPO, Samsung, Tencent, etc., were analyzed to determine if the process of sending user input content to the cloud had security vulnerabilities.The analysis results indicated that eight of the nine manufacturers' input method software contained serious vulnerabilities, which allowed us to completely crack the encryption method designed by the manufacturers to protect user input content. Some manufacturers did not use any encryption method to protect user input content.Based on this study and our previous research on vulnerabilities in Sogou input method, we estimate that up to one billion users may be affected by these vulnerabilities.