Baidu disclosure of user code is assigned to collect data- Impact thousands of applications（百度披露用户代码分配给收集数据,影响成千上万的应用程序）

下载本文档

ID 461940
格式 doc
大小 25.5 KB
约3页
收藏
点赞(0)
海报
举报

/ 3

下载本文档

Baidudisclosureofusercodeisassignedtocollectdata:ImpactthousandsofapplicationsResearchpapersDownloadNews:BeijingFebruary24morningnews,accordingtoReuters,theresearchersfound,therearethousandsofapplicationsrunningBaiducodewillcollectusers’personalinformation,andsendittoBaidu,ofwhichMuchoftheinformationcaneasilybeintercepted.Totaldownloadsoftheseapplicationshasreachedhundredsofmillionsoftimes.CanadianCitizenLabresearcherssaidtheyfoundtheprobleminthedevelopmentofBaiduAndroidsoftwaredevelopmentkit,affected,includingBaidumobilebrowserandapplication,andtheapplicationofothercompaniesusethesesoftwaredevelopmentkitdevelopment.Baidu’sWindowsExplorerequallyaffected.CitizenLabresearcherslastyearfortheUCbrowserAlibabaraisedsimilarissues.Alibabahassincecorrectedtheseproblems,butBaidutoldReutersthatthecompany1willreviseencryptionvulnerabilitiesinitssoftwaredevelopmentkit,butwillcontinuetocollectuserdataandusedforcommercialpurposes,somedatasharedwiththirdparties.CitizenLabchiefresearcherJeffreyNuoKeer(JeffreyKnockel)beforetheconclusionofthestudyreleasedWednesdaysaidtheunencryptedinformationincludingtheuser’sgeographiclocation,keywordsearchandsitevisitrecords.Thisproblemindicatesthattheuserisdifficulttoknowwhichofyourphonedataiscollectedandsharedapplicationvendors,butiftheencryptionalgorithmisnotstrongenough,ornoencryptionalgorithm,andindeedtheriskofleakageofpersonaldataexists.Thisalsoshowsthatmanyinterestgroupsareveryinterestedinthesedata.‘Eitherpoorlydesignedorintentional.’CitizenLabdirectorRonDaiBote(RonDeibert)said.CitizenLabsaidthatsinceNovemberlastyear,theagencywillinformBaidu,thecompanyhasfixedsomeoftheproblems,butBaidu’sAndroidbrowserwillcontinuetobeaveryeasywaytosendthedecryptiondeviceID2andothersensitivedata.BaidutoldReutersthatthecompany’sinterestinthedataislimitedtothecommerciallevel,butdeclinedtosayexactlywhocanobtainthesedata.DatasecurityandprivacyissueshavesparkedwidespreadconcernintheUnitedStates,‘AppletochallengetheFBI’isatypicalcase:FBIaskedAppletounlockashootingsuspect’siPhone,butApplewasrejected.TheresearcherssaidtherewasstillunabletodeterminehowmanypeopleareaffectedbythisissueBaidu.SomesoftwaredevelopersinChina,saidthelackofencryptionalgorithmisaverycommonsituation,aweaktoacertainextentfromthemarket’srapidgrowthandsafetyawareness.ApplicationdevelopersCloudZhaopinCEOTianXingzhisaid:‘Thisisreallyverypainful,butitisgrowingpains.’(Source:SinaTechnologyWen/BookYu)3

1、当您付费下载文档后，您只拥有了使用权限，并不意味着购买了版权，文档只能用于自身使用，不得用于其他商业用途（如 [转卖]进行直接盈利或[编辑后售卖]进行间接盈利）。
2、本站不对文档的完整性、权威性及其观点立场正确性做任何保证或承诺！文档内容仅供参考，付费前请自行鉴别。
3、如文档内容存在侵犯商业秘密、侵犯著作权等，请点击“举报”。