Chinese Internet browser Baidu tracks personal user data and then sends that information to Baidu servers without or with weak encryption, making it susceptible to malicious attacks, according to a new Citizen Lab report co-authored by ICFP fellow Jeffrey Knockel.
“Baidu’s and Don’ts: Privacy and Security Issues in Baidu Browser” finds that the popular Baidu browser, along with thousands of apps that run Baidu-produced code, run with significant security vulnerabilities that would allow a third-party to obtain sensitive user data through a relatively simple “man-in-the-middle” attack.
“It’s either shoddy design or it’s surveillance by design,” Citizen Lab director Ron Deibert told Reuters.
View the full Citizen Lab report here.
Read Reuters’ coverage here.