Even the person you trust most does not have access to this amount of information on you and yet QQ receives it from everyone who uses their browser,” said Jeffrey Knockel, Senior Researcher at the Citizen Lab at the University of Toronto’s Munk School of Global Affairs. “QQ Browser phones home information on your device’s hardware serial numbers and tracks your location and every page you visit. The transmission of personally identifiable user data without properly implemented encryption leaves this data vulnerable to surveillance by a number of intermediaries, including a user’s ISP, wireless network operator, mobile carrier, a malicious actor with network visibility, and/or a government agency with access to any of those intermediaries. Similarly, the Windows version sends personally identifiable data, including the URL of all pages visited in the browser, a user’s hard drive serial number, MAC address, Windows hostname, and Windows user security identifier, also without encryption or with easily decrypted decryption. The Android version of the browser transmits personally identifiable data, including a user’s search terms, the URLs of visited websites, nearby WiFi access points, and the user’s IMSI and IMEI identifiers, without encryption or with easily decrypted encryption. Researchers identified problems in both the Android and Windows versions of the application. Citizen Lab researchers identified security and privacy issues in QQ Browser, a mobile browser produced by China-based Tencent, which may put millions of users of the application at risk of serious compromise.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |