25th USENIX Security Symposium has ended
Back To Schedule
Monday, August 8 • 4:00pm - 4:30pm
Privacy and Security Issues in BAT Web Browsers

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

In this position paper, we summarize our technical analysis of the security and privacy vulnerabilities in three web browsers developed by China’s three biggest web companies: UC Browser, QQ Browser and Baidu Browser; developed by UCWeb (owned by Alibaba), Tencent and Baidu, respectively. We found them to consistently contain sensitive data leaks and remote code execution vulnerabilities in their update processes. Despite the massive user bases of these browsers, particularly in China, there has been limited attention paid to the applications by the information security research community. This lack of attention is problematic, as it is known that the insecure transmission of personal user data by UC Browser has been used by the intelligence community to perform surveillance. We conclude by evaluating explanations for why this class of apps has such uniform security and privacy issues, and recommend researchers better engage software development companies in developing and newly industrialized economies.

avatar for Ron Deibert

Ron Deibert

Director, Citizen Lab, Professor, Political Science, Munk School of Global Affairs and Public Policy, University of Toronto
Ron Deibert, (O.C., O.Ont., PhD, University of British Columbia) is Professor of Political Science, and the founder and Director of the Citizen Lab at the Munk School of Global Affairs & Public Policy, University of Toronto. The Citizen Lab is an interdisciplinary laboratory focusing... Read More →

Monday August 8, 2016 4:00pm - 4:30pm PDT
Texas Ballroom 5-7

Attendees (1)