Slashdot Mirror

← Back to Stories (view on slashdot.org)

Baidu Browser Acts Like a Mildly Tempered Infostealer Virus

Posted by timothy on from the ever-so-gentle dept.

An anonymous reader writes: The Baidu Web browser for Windows and Android exhibits behavior that could easily be categorized by a security researcher as an infostealer virus because the browser collects information on its users, and then sends it to Baidu's home servers.

Both versions collected waaaaay to much information that has nothing to do with analytics, like hard drive models, CPU serials, and personal browsing history. The browser collected and sent this information on startup, when the user started typing content in his address bar, and on any page view. Some of this was sent via unencrypted connections. Additionally, the browser update did not use code signatures, meaning you could man-in-the-middle the connection and send anything you'd like to the browser, from Pokemon games to banking trojans, and have it installed locally.

15 of 97 comments (clear)

  1. All 'telemetry' is SPYING. by Anonymous Coward · · Score: 4, Insightful

    All 'telemetry' is SPYING.

  2. China. by Anonymous Coward · · Score: 4, Insightful

    What else would you expect?

    1. Re:China. by Anonymous Coward · · Score: 2, Insightful

      microsoft, google, and facebook are u.s. companies... datamining users for fun and profit and for government goodwill is not country-specific.

    2. Re:China. by DahGhostfacedFiddlah · · Score: 2

      With the number of hacks coming from China, I'd at least expect them to understand the value of signing their code.

      --
      Last post!
  3. Re:Crome by ArchieBunker · · Score: 4, Interesting

    I keep hearing this. Where are the packet dumps showing what info is collected?

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  4. waaaaay too pregnant by Pseudonymous+Powers · · Score: 3, Insightful

    Both versions collected waaaaay to much information that has nothing to do with analytics...

    This is a meaningless statement, mostly because "analytics" is always a just a weasel-word for "spying". The only acceptable amount is zero.

  5. waaaaay to much leniency by Anonymous Coward · · Score: 2, Interesting

    timothy, do your job ffs. and by that I don't mean shill for your benefactors, I mean EDIT.

  6. Baidu is relentless by JustAnotherOldGuy · · Score: 5, Interesting

    The Baidu search spider is relentless...I see thousands of connections and scans from it every day on many of the sites I own and admin. The logs often contain literally tens of thousands of lines of Baidu requests, and the spider completely ignores the robots.txt file. For example, this usually does not work:

    #Baiduspider
    User-agent: Baiduspider
    Disallow: /     ...and neither do most of the other snippets and directives that are supposed to block the Baidu search spider, because it often misrepresents itself.

    The only relief is to block the IPs that Baidu comes from, but it's a huge range, hundreds of IPs. It's almost easier just to block all of China.

    --
    Just cruising through this digital world at 33 1/3 rpm...
  7. Re:True to life by tnk1 · · Score: 2

    Yes. You should not instantly mistrust it because it sounds Asian. That would be wrong.

    You should mistrust it because this is Baidu you're talking about here.

  8. Re:True to life by Anonymous Coward · · Score: 2, Insightful

    Baidu is the Chinese "Google", the biggest Chinese search engine provider. According to Alexa, it's one of the five most visited web sites in the world. Would you like fries with your ignorance?

    As a Chinese "Google," it also 100% caves into any and all government requests for censorship, page removal, data, whatever. You know there's a reason why there is no google.cn, right? And why half the time Google and all its services are blocked (not sure of the current state--it tends to go back and forth) in China.

  9. Re:Crome by U2xhc2hkb3QgU3Vja3M · · Score: 2

    They just got rid of the "no".

  10. Re:Crome by buck-yar · · Score: 5, Interesting

    Found this on reddit:

    've seen theres a lot of speculation on whether the observed network connections from Windows 10 with privacy options on are actually spying or not, and figured some actual evidence would be in order.

    Anyone can recreate this for themselves:

            Fresh install of Windows 10.
            Set all privacy options to off, disable cortana, disable web search
            Ensure all updates are done. Close all programs.
            Install Fiddler, and enable HTTPS sniffing. (If you use wireshark, you wont be able to view the HTTPS)
            Press stream in fiddler.
            Click the windows search bar, type any letter, watch the HTTPS session to bing.com appear.

    Im still trying to figure out exactly what it is that it is transmitting, but its for sure sending a user-agent string that identifies itself as Cortana.

    Some observed behaviors:

            Clicking on a link from an application (in this case, a download link from within Fiddler) submits the URL you are visiting to urs.microsoft.com.
            Opening applications-- even with SmartScreen disabled-- opens sessions to apprep.smartscreen.microsoft.com and, among other things, submits the hash of the application. EDIT: Apparently you must also disable smartscreen in edge. Even so, it will initiate a connection to w.apprep.smartscreen.microsoft.com
            Typing anything into the search bar will, regardless of settings, initiate an HTTPS session to www.bing.com. It will transmit a cookie, though so far I have not seen anything in there that looks like keystroke monitoring, as the only thing that appears to change between attempts is an HV section of the cookie. It appears to be downloading javascript, and submitting identifying data (screen resolution, install date, SID). The URL it uses is https://www.bing.com/manifest/...
            Opening the settings app and going into account options sometimes opens a session to public-family.api.account.microsoft.com:443. I suppose this would be expected.

  11. Re:Crome by LichtSpektren · · Score: 2

    It's different in that it's information are set to those horrible Chinese people, instead of those wonderful people at Google who have that sweet "Do no evil" motto.

    Chromium is open source, so you know exactly what's being transmitted, and you can audit it yourself if you like. Baidu is a black box and you have no idea what's coming or going.

  12. Re:Crome by TheDarkMaster · · Score: 5, Insightful

    I think the most correct action to take is to not install Windows 10.

    --
    Religion: The greatest weapon of mass destruction of all time
  13. Remember this, people by argStyopa · · Score: 2

    While I'd be the LAST one to exonerate the misdeeds of my own United States...for all those decrying the "US controls the internet" and all the painting of the US as some sort of malignant capitalist force in the world generally: understand that your actual choice ISN'T the US vs whatever utopia you have cooked up in your head where governments aren't power-hungry monsters and commerce is run by the pleasant hippy guy down at your local co-op who gives you free snacks and coffee "for whatever you feel is fair, dude".

    No, the ACTUAL choices in the world we live in are:
    - the US
    - China
    - maybe Russia ...as your superpowers.

    As much as the US is deeply flawed in many ways, it's still orders of magnitude more benign than the alternatives.

    --
    -Styopa