Security and privacy issues involving a mobile browser developed by China-based Internet giant Tencent may be putting millions of users at risk of serious compromise, according to researchers at the University of Toronto.
Both the Android and Windows versions of the QQ Browser transmit personally identifiable data, such as a user's search terms, URLs of visited websites, nearby Wi-Fi access points, and hard drive serial numbers without encryption or easily decrypted encryption. Such data is vulnerable to surveillance by a user's Internet service provider, wireless network operator, mobile carrier, a malicious actor with network visibility, or a government agency with access to any of those intermediaries.
Both versions of QQ also do not adequately protect the software update process.
A team from the university's Citizen Lab disclosed the vulnerabilities to Tencent, but says the company's update does not resolve all of the problems. "Most users would likely be surprised to discover the extent of personally identifiable data that the application is collecting, and would likely be troubled to find it is being transmitted in an insecure manner," says Citizen Lab researcher Adam Senft.
From University of Toronto
View Full Article
Abstracts Copyright © 2016 Information Inc., Bethesda, Maryland, USA
No entries found