help promote
usenix conference policies
Privacy and Security Issues in BAT Web Browsers
Jeffrey Knockel, Citizen Lab, University of Toronto and University of New Mexico; Adam Senft and Ronald Deibert, Citizen Lab, University of Toronto
In this position paper, we summarize our technical analysis of the security and privacy vulnerabilities in three web browsers developed by China’s three biggest web companies: UC Browser, QQ Browser and Baidu Browser; developed by UCWeb (owned by Alibaba), Tencent and Baidu, respectively. We found them to consistently contain sensitive data leaks and remote code execution vulnerabilities in their update processes. Despite the massive user bases of these browsers, particularly in China, there has been limited attention paid to the applications by the information security research community. This lack of attention is problematic, as it is known that the insecure transmission of personal user data by UC Browser has been used by the intelligence community to perform surveillance. We conclude by evaluating explanations for why this class of apps has such uniform security and privacy issues, and recommend researchers better engage software development companies in developing and newly industrialized economies.
Open Access Media
USENIX is committed to Open Access to the research presented at our events. Papers and proceedings are freely available to everyone once the event begins. Any video, audio, and/or slides that are posted after the event are also free and open to everyone. Support USENIX and our commitment to Open Access.
author = {Jeffrey Knockel and Adam Senft and Ronald Deibert},
title = {Privacy and Security Issues in {BAT} Web Browsers},
booktitle = {6th USENIX Workshop on Free and Open Communications on the Internet (FOCI 16)},
year = {2016},
address = {Austin, TX},
url = {https://www.usenix.org/conference/foci16/workshop-program/presentation/knockel},
publisher = {USENIX Association},
month = aug
}
connect with us