Baidu browser is spying on users
At this time the problems identified in a regular browser does not Tevis Ormandy and specialists Citizen Lab. Experts writethat own browser Chinese giant Baidu, based on the Chromium engine, not only collects data about users, but also sends them to the side, without worrying too much about encryption.
Since Baidu is committed anything to keep from Google, the Chinese search engine also has its own browser, in fact – Google Chrome clone. However, the “under the hood” in Baidu browser found a lot of problems, particularly in versions for Windows and Android.
Citizen Lab Experts say that today almost all browsers collect information about users, as well as many other web services. Of course, this is not good, but the companies are covered using the information “for analytical purposes.” Baidu companies browser differs in that it does not just collect data, it sends the information gathered on Baidu’s servers. This browser ignores any encryption or uses very weak encryption.
Version for Android in China merges browser history, search history, IMEI devices, GPS coordinates, information about nearby Wi-Fi networks and the MAC-address of local devices.
The Windows version also sends to remote servers and search history of visited sites, MAC-addresses, CPU model, serial number and model hard drive, as well as information about the logical drives.
The researchers concluded that for the leak of data in both cases is liable popular SDK – Baidu Mobile Tongji (Analytics) . It was possible to calculate that this solution is used in 22,548 different applications. Earlier, in November 2015, Trend Micro’s analysts have identified similar SDK from Baidu, used in 14,112 applications, it can even be used to install bedkorov on infected devices.
Citizen Lab experts also noticed that the browser will download updates without checking any code signatures, it is possible to carry out an attack against the browser’s man-in-the-middle and switch upgrade Malvar.
Baidu representatives gave researchers an official reply , which reported that they have working to fix problems found. It is expected that at the end of February will be presented an updated version of the mobile browser and the desktop version will update in May 2016.
Photo: Ahsan Haque