Alibaba Group Holding Ltd’s UC Browser Has Serious Security Flaws

0
Alibaba Group Holding Ltd’s UC Browser Has Serious Security Flaws
alibaba

Alibaba’s extremely popular UC Browser has some serious security flaws that leak users’ private data to third parties. Last year, Alibaba paid over a billion dollar to acquire UCWeb, the developer of mobile web browser UC Browser. Canada-based Citizen Lab revealed in a new report on Thursday that the Chinese and English-language versions of UC Browser are a privacy risk.

UC Browser transmits data without encryption

The Canadian firm started analyzing the browser after some media organizations contacted them for comments on a document from Canada’s Communications Security Establishment. The document was leaked by former NSA contractor Edward Snowden. It revealed vulnerabilities in UC Browser.

This Top Value Hedge Fund Is Killing It This Year So Far

Stone House Capital PartnersStone House Capital Partners returned 4.1% for September, bringing its year-to-date return to 72% net. The S&P 500 is up 14.3% for the first nine months of the year. Q3 2021 hedge fund letters, conferences and more Stone House follows a value-based, long-long term and concentrated investment approach focusing on companies rather than the market Read More

In its analysis, Citizen Lab found that both English and Chinese-language versions of the browser leaked personally identifiable information such as location, search details, and device numbers to third parties. The Chinese version was even more vulnerable. They analyzed both WiFi and cellular network data traffic of the browser.

The browser’s AMAP component, an Alibaba mapping tool, sends device and user identifiers, as well as location data to a remote server. Alibaba’s analytics tool Umeng also sends device identifiers to a remote location. The shocking thing is that all the data is sent with little or no encryption. So, anyone with access to the data traffic can identify users and their devices.

Alibaba fixes the issue

The stolen private data can be used against the respective UC Browser users by criminals, authorities, or other third parties. Another issue is that users’ private data is not completely deleted when they clear the browser history, input history, login records, cookies and the cache. Citizen Lab said that, though most of the data is deleted, a record of the app’s DNS lookups remained on the device.

UC Browser has more than 500 million registered mobile users. It boasts of 65% market share in China. Alibaba spokesman Bob Christie told Reuters that the issues were fixed immediately after Citizen Lab brought it to their notice. The company has also notified customers of an update to the browser.

 

Updated on

No posts to display