Security researchers claimed last Tuesday that two applications developed by the Chinese tech giant Baidu are leaking "sensitive" user data that could potentially make millions of users vulnerable to surveillance or cybercrime. The two applications, Baidu Maps and Baidu App, are available exclusively through the Google Play Store. In response, Google removed both applications from its store and thanked the researchers who revealed the privacy violations. The Baidu App later returned after being updated to remove the vulnerability, while Baidu Maps remained offline.
These applications have reached up to 6 million users in the United States alone, with tens or hundreds of millions of downloads in the rest of the world. A previous report from Palo Alto indicated that as many as 1.4 billion had downloaded these applications, but that figure was ultimately retracted when it was found to be inaccurate. Researchers at Palo Alto's Unit 42 claimed that these Chinese applications were leaking data from users' phones without any permission and wrote in a report: "The leaked data made users traceable, and possibly over the course of their lives." The security team checked only the versions of the applications that were available for download through the Google Play Store, but they believe that the versions available on all other known application download stores are affected as well.
The researchers found that a Baidu software development kit called "Push in the Apps" was sending very sensitive user data to an anonymous Chinese server. This information included the phone model, IMSI number, and MAC address. This data leakage may seem harmless to many, but as the researchers noted, the IMSI and IMEI numbers can be used to identify and track users even if the phone is changed. The IMSI, for example, is the number provided by the cellular server to uniquely distinguish one subscriber from another. The security team says Android applications that collect data such as the IMSI are able to track users over a very long term. For example, if a user switches their SIM card to a new phone and installs an application that previously collected and transferred their IMSI number, the application developer is able to uniquely identify this user.
"There is a potential risk of cybercrime for users," said Stefan Achleitner, principal investigator on the security team. Pretending to be a representative of the bank the user deals with, a cybercriminal can request the user's banking information. From there, cybercriminals can access the user's bank account and are likely to steal their money.
The researchers said that the California-based security company Mountain View supported these findings, which confirm the breaches of privacy; these were identified in the category of "additional violations" before Google removed the applications from its store on October 28. The Baidu app returned to Google Play on November 19 after being updated, but Baidu Maps remained banned. A spokesperson for Baidu said: "We are working on updating Baidu Maps according to Google's guidelines and we expect the app to return in early December, and there are no violations of this procrastination."
The Chinese company added that this data was used to enable and try the Push function, as described in the privacy agreement that the user accepts before accessing the application, and that Baidu takes the privacy and security of its users very seriously and uses the data only with their permission. The company did not answer the remaining questions about why the applications were blocked on Google.
The news from the security company that revealed the fraudulent operation.