Security alert: A.I.type Keyboard sends all keystrokes in plain text to the cloud
What a beautiful day for one security hole to be fixed, and another one to be discovered. Luckily, the latest security breach will most likely only affect a small percentage of G&E readers: namely, those who are using A.I.type Keyboard on their HTC EVOs.
This third party keyboard purports to be the best at "psychically" predicting what you'll type next, speeding up the text input process on your Android phone. It does this by sending almost everything you type to servers in the cloud, which will process what you've input so far and throw back its best guess at what you'll type next.
The problem? It sends all of this to the cloud – everything you're typing – in unencrypted plain-text, making it quite easy for snoopers on both ends to intercept.
This security hole was discovered by Artem Russakovskii, the same guy who discovered the massive HTC vulnerability that was officially fixed earlier today. As Artem says, "Let this serve as a wake-up call to both users placing trust in the cloud and developers who don't utilize even the most basic security and privacy standards … Remember, all cloud services are not created equal."
[Android Police]