A pair of Baidu applications on the Google Play Store were recently leaking users’ sensitive data that could be used to track users’ location, according to Palo Alto Networks’ Unit 42 research published Tuesday. Through reverse-engineering, the researchers at Unit 42, the research arm at Palo Alto Networks, found that both the Baidu Search Box and Baidu Maps applications used a software development kit (SDK) that would collect users’ MAC address, carrier information and international mobile subscriber identity (IMSI) number. It’s the kind of data that, if it were to fall into the wrong hands, could be used to stalk, monitor, or even harass an individual. IMSI numbers, for instance, could allow cybercriminals or state-linked actors to track someone, even if they switch to a new device, as IMSI numbers can be used to uniquely identify a user. Snoops using IMSI catchers, which imitate cell towers to capture a user’s location, have been known […]
The post Baidu apps in Google Play Store left users vulnerable to tracking, Palo Alto finds appeared first on CyberScoop.
Continue reading Baidu apps in Google Play Store left users vulnerable to tracking, Palo Alto finds→