Fig. 4From: Using IM-Visor to stop untrusted IME apps from stealing sensitive keystrokesPrefix-substitution attack. I-Box uses a policy engine to search substring in the output of an IME app. Malicious IME apps can obfuscate sensitive string into non-sensitive string to fool I-Box and leak it out to a remote serverBack to article page