YIBADA

Findings Say Tencent's QQ Browser Is Unsecure: What It Means for Users

| Mar 31, 2016 07:08 AM EDT

Experts found security risks in Tencent's QQ Browser.

Experts warn China’s QQ Internet Browser users of security flaws found in Tencent’s software that leaves their personal information vulnerable to unauthorized access.

On Tuesday, the University of Toronto's Citizen Lab revealed QQ Web Browser's unsecure database and the possible risks it poses to users' personal information.

According to the group, Tencent's Web browser transmits information and data to servers with weak or no encryption, which means hackers can easily access them.

The warning about QQ comes after other reports that revealed similar vulnerabilities on two other Web browsers from Chinese Internet giants Alibaba and Baidu: the UC Browser and Baidu Browser.

Data Risk

During their analysis, the Citizen Lab found out that the browser still lacks security measures despite recent updates.

According to the Internet experts, they have submitted initial findings on the QQ Browser's vulnerabilities via its Security Response Center early in February.

The company responded quickly by rolling out updates on the browser's Windows and Android versions on March 14 and March 2, respectively.

However, after another set of analysis and testing, the Citizen Lab saw that even these updated versions remained unsecure from unauthorized access.

"The application collects and transmits personally identifiable data points in a manner that leaves this data vulnerable to surveillance by third parties," the group's report explained.

Furthermore, the group discovered that the deficiencies allow harmful applications such as malwares and spywares to easily enter the user's device.

"Most troubling is the fact that users would generally be unaware of these risks--unaware that such data is being collected and transmitted, and potentially unaware that a properly crafted malicious software update attack could lead to malicious code being installed on their devices," the report added.

Similar Cases

In May 2015, the same group found security vulnerabilities on Alibaba's UC Browser.

According to the report, the Citizen Lab found serious "security and privacy issues" in both the English and Chinese language versions of the UC Browser made for Android.

Some of the issues pointed out are the lack of encryption of the user's search queries, personal information and geolocation data.

Aside from that, they found that the user's private data is retained in the device where the UC Browser is used even after clearing the cache.

Last month, the Baidu Browser was subjected to the same analysis by the Citizen Lab and found similar issues with the browser's Android version 6.4.14.0 and Windows version 8.2.100.3090.

Future Implications

While all three companies emphasized that "there was no evidence that user data was ever taken," the group's findings revealed the risks for users of all three Web browsers.

According to The Wall Street Journal, the security deficiencies in all three browsers put the device's unique identifying number as well as the search terms in the address bar up for unauthorized access by third party entities, while both the Baidu and QQ Browsers put the user's PC hard drive serial number and Internet history at risk of interception.

Because of this, users like Di Jiang, a Guangzhou resident and regular Internet user, are calling for complete disclosure and explanation from the companies who manage the unsecure browsers.

"I want companies to tell me what kinds of data they collect, and why they collect," Di told WSJ.

Related News

Most Popular

EDITOR'S PICK