Friday, April 1, 2016

Browser: Baidu - infostealer?

Sometimes browsers collect information about you and provide it either to the websites you visit or to a central server. As an example, I logged the browser interactions that occur when you play a single song on YouTube using Opera. In that case the browser shares information many times with Google and YouTube and then sends a report to Opera.

According to Softpedia, the Baidu Browser can almost be classified as an "infostealer virus". Remember, a virus is malware that requires user interaction, in this case loading the browser and clicking on URL links.

Citizen Lab researchers narrowed down the information leakage issues to a common SDK, Baidu Mobile Tongji (Analytics) SDK, used for both the Android and Windows versions.

Together with mobile security firm Lookout, the researchers identified this SDK inside 22,548 app packages. Back in November 2015, researchers from Trend Micro identified a similar Baidu SDK, which could be found in 14,112 Android apps and included features that could be abused to install backdoors on all infected devices.

You can read more about the Baidu Browser here, but use a safe browsing configuration like Authentic8 Silo or Firefox & NoScript, as it appears to attempt to run 15 different scripts on you. If you are a cybersecurity executive of an international organization, it would pay for you to read the Citizen Lab report. Highlights include:

  • The Android version of Baidu Browser transmits personally identifiable data, including a user’s GPS coordinates, search terms, and URLs visited, without encryption, and transmits the user’s IMEI and a list of nearby wireless networks with easily decryptable encryption.

  • The Windows version of Baidu Browser also transmits a number of personally identifiable data points, including a user’s search terms, hard drive serial number model and network MAC address, URL and title of all webpages visited, and CPU model number, without encryption or with easily decryptable encryption.
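The highlights above describe identifiers leaving the device in plain HTTP. The following is an added example, not code from this post or from the Citizen Lab report: a small check over outbound request URLs (as a proxy log would record them) that flags IMEI-shaped values, MAC addresses and decimal coordinates in the query string of unencrypted requests. The hostnames, parameter names and sample URLs are constructed; it covers only the cleartext case, not the weakly encrypted fields.

```python
import re
from urllib.parse import urlsplit, parse_qsl

MAC_RE = re.compile(r"^(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}$")
COORD_RE = re.compile(r"^-?\d{1,3}\.\d{3,}$")  # heuristic: decimal degrees

def is_imei(value):
    """True for 15 digits with a valid Luhn check digit, as IMEIs have."""
    if not re.fullmatch(r"\d{15}", value):
        return False
    total = 0
    for i, ch in enumerate(reversed(value)):
        d = int(ch)
        if i % 2 == 1:              # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def classify(value):
    """Name the kind of identifier a query value looks like, or None."""
    if is_imei(value):
        return "imei"
    if MAC_RE.match(value):
        return "mac"
    if COORD_RE.match(value) and abs(float(value)) <= 180:
        return "coordinate"
    return None

def audit(urls):
    """Return (url, parameter, kind) for identifiers sent over plain HTTP."""
    findings = []
    for url in urls:
        parts = urlsplit(url)
        if parts.scheme.lower() != "http":
            continue                # TLS-protected requests are skipped here
        for name, value in parse_qsl(parts.query):
            kind = classify(value)
            if kind:
                findings.append((url, name, kind))
    return findings

# Constructed sample log entries (hypothetical hosts and parameter names).
SAMPLE = [
    "http://stats.example.invalid/c?dev=490154203237518&t=1",
    "http://stats.example.invalid/c?lat=43.6629&lon=-79.3957",
    "https://stats.example.invalid/c?dev=490154203237518",
    "http://cdn.example.invalid/app.js?v=123456789012345",  # fails Luhn
    "http://stats.example.invalid/c?nic=00-1A-2B-3C-4D-5E",
]

if __name__ == "__main__":
    for url, name, kind in audit(SAMPLE):
        print(f"{kind:10} {name:4} {url}")
```

The coordinate match is a heuristic and will need tuning against real traffic; identifiers sent in request bodies or under an encoding are outside what this check sees.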
