Chinese Search Engine “Baidu” have Security issues! Leaked Sensitive Info!

Baidu is a Chinese web services company, which was incorporated in year 2000. According to a new study, the web browsers developed by Baidu have a number of security issues. A new study has been done by the security researchers of Toronto University. Researchers said, Web Browsers of Baidu are transmitting sensitive information of users without security on the internet. By doing this, Baidu is playing with the privacy of users. To respond this, Baidu released updates for its browsers. But these updates were not the solution for all the security issues.

Researchers also found a number of security issues in Baidu Software Development Kit (SDK). No doubt, developers have developed a number of application using Baidu SDK. These apps are leaking sensitive information of users. Free Browser of Baidu is available for Window and Android, which is also vulnerable. Attackers could take control of user’s system by exploiting these security issues. The big reason behind it is, Baidu is not using SSL/TLS encryption techniques to send users MAC address to its personal servers.

There are also several security issues with the encryption techniques, which have been used by Baidu to transmit user’s information. Baidu is using weak encryption methods for collecting International Mobile Station Equipment identity (IMEI) number of devices, network information, serial numbers of hard drive and MAC addresses of users. Attackers can easily break these encryption techniques. Baidu is not using Digital Signatures technique in transmission, so attackers can use malicious codes to hack the systems of users.

China is very strict about their policies for Internet. Law enforcement and intelligence agencies of China can take the data of users from Baidu to test the security issues. All the internet companies of China are collecting user’s information by using fully secure techniques. Baidu is not using much security techniques and it is also collecting large amount of user information as compare to other companies.

Researchers are saying that Baidu is violating Chinese law by collecting unnecessary information of user. Baidu said, “Our team of technicians is working on it and we will fix all the security issues till may of this year.”

Source: CIO Blog