maxthon Maxthon Browser Sends Sensitive Data to China

[vissha]

Maxthon Browser Sends Sensitive Data to China

 

 

Security experts have discovered that the Maxthon web browser collects sensitive information and sends it to a server in China. Researchers warn that the harvested data could be highly valuable for malicious actors.

 

Developed by China-based Maxthon International, the browser is available for all major platforms in more than 50 languages. In 2013, after the NSA surveillance scandal broke, the company boasted about its focus on privacy and security, and the use of strong encryption.

 

Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online searches), and installed applications and their version number.

 

While dat.txt is encrypted, experts easily found the key needed to decrypt it, giving them access to the information. Exatel researchers demonstrated how a man-in-the-middle (MitM) attacker could intercept the data as it travels from the client to the Maxthon server in China.

 

The ueipdata.zip file is created and sent to Maxthon servers as part of the company’s User Experience Improvement Program (UEIP). The role of the program is to help the developer understand its users’ needs and deliver better products and services. The vendor claims the program is voluntary and “totally anonymous.”

 

However, as experts discovered, the data is being collected even if users opt out of the UEIP. They are concerned that the information on browsing habits and the installed applications could be highly valuable for a malicious actor looking to conduct a targeted attack.

 

“Essentially, the information that is being transmitted back contains almost everything you would want in conducting a reconnaissance operation to know exactly where to attack. Knowing the exact operating system and installed applications, and browsing habits it would be trivial to send a perfectly crafted spearphish to the victim or perhaps set up a watering hole attack on one of their most frequented websites,” explained Fidelis Cybersecurity CSO Justin Harvey.

 

Some Maxthon customers who noticed that the ueipdata.zip file is created even when they opt out of the UEIP asked the company for clarifications. The vendor’s representatives said they only collect “basic data” when the feature is disabled – as opposed to “sensitive data” harvested when UEIP is enabled. However, according to researchers, sensitive data is sent to China regardless of how UEIP is configured.

 

Exatel said it contacted Maxthon about its findings, but it hasn’t heard back from the vendor. Experts have tested the latest version of the web browser and determined that it still transmits the data even if UEIP is disabled. SecurityWeek has reached out to Maxthon for comment.

 

This is not the first time researchers have raised concerns about web browsers developed by Chinese companies. Experts at the University of Toronto’s Citizen Lab have identified security and privacy issues in several popular Chinese browsers, including QQ Browser, UC Browser and Baidu Browser.

 

Source

Alternate Source - Softpedia

 

[steven36]

Whats new i warned people  about it last year even , I already knew this

[TheMountain]

Just what we don't need anymore, MORE POINTLESS DICK WAVING.

[steven36]

1 hour ago, TheMountain said:

Just what we don't need anymore, MORE POINTLESS DICK WAVING.

I tell people stuff all the time and they don't believe me  and then when they figure out its the truth ,  they figure im not as crazy as they thought . If no one never told no one nothing we all be as dumb as a box of rocks . But  there are those who choose to stay dumb and it don't matter what you warn them they don't believe it . Witch category  do you fit in Joe ?

 

Any one can post links to software and recommend  it that's just promotion . But there are some of  us that knows how to test a product to see if it's hiding stuff we don't want  and a lot of software like this we know how to make it usable on our  machines were it want call home .

 

But it's most the time over most peoples heads.  I'm not going to start a self help class . I helped people on boards  from 2006-2011 do all kinds of stuff with software from crackers to noobs and really i didn't get nothing out of it  but respect from a few and jealously and disrespect  from many more than i got respect from  .

 

When you give people what they want..  everyone acts like there you're friend, but when you stop giving,  you find out who you're true friends are and everyone but a few really good people is out for themselves  .

[BEngEE]

@steven36 There are many smartasses, dumbasses wishing to be smart, and finally knowledge helpers aka the real deal. It's important to highlight previous findings that becomes public, even better if you can demonstrate earlier claims, that way, those who are not stupid can discern real people from real dick wavers. Keep up the good work, the investigations, and the knowledge sharing. I for one salute you. o7

[zigzag]

I trashed Avant Broswer, SlimBrowser

They are junk.

Firefox has HealthReport

Which browsers not selling your data?

[OrbingStorm]

I am concerned about opera browser.Does anyone know if its sending data to china yet?I suppose I could block it with the firewall maybe.

 

[pc71520]

17 hours ago, TheMountain said:

Just what we don't need anymore, MORE POINTLESS DICK WAVING.

Yeah, self-complacency in excess...

[steven36]

[pc71520]

===>

[avmad]

What's regarded as a 'safe' browser to use nowdays? I mainly use FF, but if a site doesn't want to work I use Maxthon. Very rarely though. Time to ditch it by the look of this.

I used to stay on top of security stuff but have become complacent lately, having far less time to spend on the pc. (I'm sure you've missed me )

[Kalju]

On 15/07/2016 at 0:50 AM, zigzag said:

I trashed Avant Broswer, SlimBrowser

They are junk.

Firefox has HealthReport

Which browsers not selling your data?

If You use Firefox, can disable permanently and for ever:

1. maintenance service
2. crash reporter
3. maintenanceservice installer

Simply open Firefox installatin directory and rename these three files:

1. crashreporter.exe to crashreporter_exe
2. maintenanceservice.exe to maintenanceservice_exe
3. maintenanceservice_installer.exe to maintenanceservice_installer_exe

If everything works, You can ignore them always. In my case it works till now perfectly.

---

PS! Cyberfox & Waterfox does not have these files.

[zigzag]

Recently Firefox crashed and frozen for me.

Cyberfox, Waterfox probably good alternatives.