Menu
Baidu web browsers leaked sensitive information, researchers say

Baidu web browsers leaked sensitive information, researchers say

Baidu has fixed some of the issues, but others remain

Two web browsers developed by Chinese search giant Baidu have been insecurely transmitting sensitive data across the Internet, putting users' privacy at risk, according to a new study.

Baidu responded by releasing software fixes, but researchers say not all the issues have been resolved.

The study was published Tuesday by Citizen Lab, a research group that's part of the University of Toronto. 

It focused on the Windows and Android versions of Baidu's browser, which are free products. It also found that sensitive data was leaked by thousands of apps that use a Baidu SDK (software development kit).

With the browsers, Citizen Lab found that a user's search terms, GPS coordinates, the addresses of websites visited and device's MAC (Media Access Control) address were sent to Baidu's servers without using SSL/TLS encryption.

"The transmission of personal data without properly implemented encryption can expose a user's data to surveillance," the report noted.

Other sensitive information, such as IMEI (International Mobile Station Equipment Identity) numbers, nearby Wi-Fi networks and their MAC addresses, and hard-drive serial numbers were transmitted with weak encryption that could be broken.

Neither web browser used digital code signatures for updates, meaning attackers could try to slip in their own code instead.

The government of China strictly controls Internet use, and Baidu can be required to hand over user data to intelligence agencies and law enforcement. The data collection raises questions about whether it could be used against those who oppose government policies.

"While Internet companies often collect personal user data for the normal and efficient provision of services, it is unclear why Baidu Browser collects and transmits such an extensive range of sensitive user data points," the report said.

Citizen Lab also found that thousands of mobile apps that use Baidu's mobile analytics SDK transmit the same sensitive information back to the company.

"Any app that uses this SDK for statistics and event tracking sends messages to Baidu’s servers," the report said.

Baidu officials could not be immediately reached for comment, but Citizen Lab published a document with questions it posed and answers from the company.

Baidu doesn't answer a question about what user data is it required to retain under Chinese law. It also says it was unable to comment on why requests using its browsers to visit websites outside of China went through a proxy server.

But Baidu said it has improved security based on the researchers' findings. For example, it said data transmitted by the Android browser would be fully encrypted by the end of this month, and for the Windows browser by early May.


Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

Tight lines as Hooked on Lenovo catches up at Great Barrier Island

​Ingram Micro’s Hooked on Lenovo incentive programme recently rewarded 28 of New Zealand's top performing resellers with a full-on fishing trip at Great Barrier Island for the third year​ in a row.

Tight lines as Hooked on Lenovo catches up at Great Barrier Island
Inside the AWS Summit in Sydney

Inside the AWS Summit in Sydney

As the dust settles on the 2017 AWS Summit in Sydney, ARN looks back an action packed two-day event, covering global keynote presentations, 80 breakout sessions on the latest technology solutions, and channel focused tracks involving local cloud stories and insights.

Inside the AWS Summit in Sydney
Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day

Ingram Micro hosted its third annual Cure Kids Charity Golf Tournament at the North Shore Golf Club in Auckland. In total, 131 resellers, vendors and Ingram Micro suppliers enjoyed a round of golf consisting of challenges on each of the 18 sponsored holes, with Team Philips taking out the top honours.

Channel tees off on the North Shore as Ingram Micro hosts annual Cure Kids Charity golf day
Show Comments