- Jan 24, 2011
Two security firms have confirmed that the Maxthon web browser collects sensitive user information and sends it to its servers, even if the user opts out of such behavior.
According to reports from Exatel and Fidelis Cybersecurity, the issue resides in the current implementation of the User Experience Improvement Program (UEIP), a feature included with Maxthon browsers.
UEIP lets the browser manufacturer collect analytics information about how users utilize the browser. All browsers do it, including the big ones such as Firefox and Chrome, but only to a certain extent.
Collecting more data than normally needed
Exatel and Fidelis claim that Maxthon is collecting more information than what would normally be considered acceptable.
The list includes OS version, screen resolution, CPU type, CPU speed, amount of memory installed, location of the Maxthon executable, ad blocker status, browser homepage URL, the user's entire browser history, all of his Google searches, and a list of other applications installed on his system, including their version numbers.
Exatel says it found all of this data inside a file called ueipdat.zip, sent regularly from the user's browser via HTTP to Maxthon's servers in China.
Inside this ZIP, researchers found an encrypted file called dat.txt. Exatel says it was able to decrypt it: the file is encrypted with AES-128 in ECB mode, using the passphrase eu3o4[r04cml4eir, which was found hard-coded inside the Maxthon browser's binary. Dat.txt contained all the data mentioned above.
Read more: Maxthon Browser Collects Sensitive Data Even If Users Opt Out
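As an added worked example (not Exatel's, Fidelis's or Maxthon's code), here is what anyone who captured the plain-HTTP upload of ueipdat.zip could do once the key from the binary is known: open the archive, pull out dat.txt and decrypt it. It assumes that the 16-character passphrase is used directly as the raw AES-128 key, that dat.txt is PKCS#7-padded, and that the record inside is plain text; the article confirms none of these details, and the sample record is constructed. The zip-building helper exists only so the example runs offline.

```go
package main

import (
	"archive/zip"
	"bytes"
	"crypto/aes"
	"errors"
	"fmt"
	"io"
)

// Key string Exatel reported finding hard-coded in the Maxthon binary.
// ASSUMPTION: its 16 ASCII bytes are used directly as the AES-128 key.
const ueipKey = "eu3o4[r04cml4eir"

// PKCS#7 padding. ASSUMPTION: the article does not say which padding is used.
func pkcs7Pad(b []byte) []byte {
	n := aes.BlockSize - len(b)%aes.BlockSize
	return append(append([]byte{}, b...), bytes.Repeat([]byte{byte(n)}, n)...)
}

func pkcs7Unpad(b []byte) ([]byte, error) {
	n := 0
	if len(b) > 0 {
		n = int(b[len(b)-1])
	}
	if n == 0 || n > aes.BlockSize || n > len(b) || !bytes.Equal(b[len(b)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("invalid PKCS#7 padding")
	}
	return b[:len(b)-n], nil
}

// ecbApply runs AES in ECB mode in either direction: each 16-byte block is
// processed on its own, so equal plaintext blocks give equal ciphertext blocks.
func ecbApply(key, in []byte, encrypt bool) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(in)%aes.BlockSize != 0 {
		return nil, errors.New("bad key length or input not block-aligned")
	}
	out := make([]byte, len(in))
	for i := 0; i < len(in); i += aes.BlockSize {
		if encrypt {
			block.Encrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		} else {
			block.Decrypt(out[i:i+aes.BlockSize], in[i:i+aes.BlockSize])
		}
	}
	return out, nil
}

// DecryptDat recovers the plaintext of a dat.txt ciphertext with the baked-in key.
func DecryptDat(ciphertext []byte) ([]byte, error) {
	pt, err := ecbApply([]byte(ueipKey), ciphertext, false)
	if err != nil {
		return nil, err
	}
	return pkcs7Unpad(pt)
}

// BuildSampleUeipZip builds a CONSTRUCTED stand-in for ueipdat.zip in memory
// (one member, dat.txt); the real record format is not described in the article.
func BuildSampleUeipZip(contents string) ([]byte, error) {
	ct, err := ecbApply([]byte(ueipKey), pkcs7Pad([]byte(contents)), true)
	if err != nil {
		return nil, err
	}
	var buf bytes.Buffer
	zw := zip.NewWriter(&buf)
	w, _ := zw.Create("dat.txt") // writes to an in-memory buffer cannot fail
	w.Write(ct)
	zw.Close() // writes the central directory; read buf only after this
	return buf.Bytes(), nil
}

// DecryptUeipZip does what anyone who captured the plain-HTTP upload can do
// once the key is known: open the archive, pull out dat.txt, decrypt it.
func DecryptUeipZip(zipBytes []byte) (string, error) {
	zr, err := zip.NewReader(bytes.NewReader(zipBytes), int64(len(zipBytes)))
	if err != nil {
		return "", err
	}
	rc, err := zr.Open("dat.txt") // zip.Reader implements fs.FS (Go 1.16+)
	if err != nil {
		return "", err
	}
	defer rc.Close()
	ct, err := io.ReadAll(rc)
	if err != nil {
		return "", err
	}
	pt, err := DecryptDat(ct)
	return string(pt), err
}

func main() {
	z, _ := BuildSampleUeipZip("os=Windows 7\nhistory=http://example.com/\n") // constructed record
	pt, err := DecryptUeipZip(z)
	fmt.Printf("recovered dat.txt (err=%v):\n%s", err, pt)
}
```

Two points the example makes concrete. Because the key is a constant in the shipped binary, the encryption keeps the data from nobody who can read that binary, and the plain-HTTP transport means the observer only needs a position on the network path. And because the mode is ECB, identical 16-byte plaintext blocks encrypt to identical ciphertext blocks, so repeated structure in the upload is visible even to someone who has not yet extracted the key.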