SoylentNews

takyon [soylentnews.org] writes:

Baidu, China's top search engine, offers a very insecure Web browser [citizenlab.org]:

Today, the Citizen Lab is releasing a new report [citizenlab.org], "Baidu's and Don'ts: Privacy and Security Issues in Baidu Browser."

The report is the result of many weeks of careful analysis, led by Citizen Lab security researcher Jeffrey Knockel and co-authors Adam Senft and Sarah McKune and is part of Citizen Lab's interest in analyzing the privacy and security issues involved with popular mobile applications [citizenlab.org].

Reuters has an exclusive story on the report here: http://www.reuters.com/article/baidu-vulnerability-idUSL3N1613VI [reuters.com]

The report takes a close look at Baidu Browser, a popular China-based mobile application that is available in Windows and Android versions. What we found was very troubling.

Baidu Browser collects and transmits a lot of personal user data back to Baidu servers that we believe goes far beyond what should be collected, and it does so either without encryption, or with easily decryptable encryption. Data collected and transmitted in the Android version without any encryption includes a user's GPS coordinates, search terms, and URLs visited. The user's IMEI and nearby wireless networks are sent with easily decryptable encryption. Meanwhile, the Windows version sends search terms, hard drive serial number, network MAC address, title of all webpages visited and GPU model number.

Baidu responded to some of the Citizen Lab's questions [citizenlab.org]. Spotted at The Register [theregister.co.uk].

Original Submission