Maxthon sends sensitive data back to China

Will you stop using Maxthon browser?

  • Yes (Votes: 5, 55.6%)
  • No (Votes: 0, 0.0%)
  • Never heard of it (Votes: 4, 44.4%)
  • Total voters: 9
  • Poll closed.
Status
Not open for further replies.

Ink

Administrator
Thread author
Verified
Staff Member
Well-known
Jan 8, 2011
22,361
Source: Maxthon Browser Sends Sensitive Data to China | SecurityWeek.Com

Researchers at Fidelis Cybersecurity and Poland-based Exatel recently found that Maxthon regularly sends a file named ueipdata.zip to a server in Beijing, China, via HTTP. Further analysis revealed that ueipdata.zip contains an encrypted file named dat.txt. This file stores information on the operating system, CPU, ad blocker status, homepage URL, websites visited by the user (including online searches), and installed applications and their version number.

While dat.txt is encrypted, experts easily found the key needed to decrypt it, giving them access to the information. Exatel researchers demonstrated how a man-in-the-middle (MitM) attacker could intercept the data as it travels from the client to the Maxthon server in China.

This is not the first time researchers have raised concerns about web browsers developed by Chinese companies. Experts at the University of Toronto’s Citizen Lab have identified security and privacy issues in several popular Chinese browsers, including QQ Browser, UC Browser and Baidu Browser.
 

Noxx

Level 3
Verified
Jul 13, 2016
123
I used Maxthon very briefly, and the UI was ugly and it ran slow. This just reaffirms why I'll never touch it again.
 
Reactions: DardiM and kev216

Exterminator

Community Manager
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
Two security firms have confirmed that the Maxthon web browser collects sensitive user information and sends it to its servers, even if users opt out of such behavior.

According to reports from Exatel and Fidelis Cybersecurity, the issue resides in the current implementation of User Experience Improvement Program (UEIP), a feature included with Maxthon browsers.

UEIP lets the browser manufacturer collect analytics information about how users utilize the browser. All browsers do it, including the big ones such as Firefox and Chrome, but to a certain extent.

Collecting more data than normally needed
Exatel and Fidelis claim that Maxthon is collecting more information than what would normally be considered acceptable.

The list includes OS version, screen resolution, CPU type, CPU speed, amount of memory installed, location of the Maxthon executable, ad blocker status, browser homepage URL, the user's entire browser history, all of his Google searches, and a list of other applications installed on his system, including their version numbers.

Exatel says it found all of this data inside a file called ueipdat.zip, sent regularly from the user's browser via HTTP to Maxthon's servers in China.

Inside this ZIP, researchers found an encrypted file called dat.txt. Exatel says it was able to crack the encryption, an AES-128-ECB cipher, using the passphrase eu3o4[r04cml4eir, found hard-coded inside the Maxthon browser's binary. Dat.txt contained all the data mentioned above.

A bug or an intentional design?
Maxthon did not directly reply to Exatel's inquiries, but users confronted the company on its forum. Here, a Maxthon rep responded by saying that when users opt in to the UEIP program, the browser collects all the above sensitive data, but when they opt out, it only collects basic data regarding the browser's status, but not any user-specific information.

According to Exatel and Fidelis, this is not true, and in their tests, after opting out, the Maxthon browser kept sending the same data to the browser maker's servers.

Softpedia has reached out to Maxthon's representatives, extending them the courtesy of answering this criticism in the public forum.

Previously, security and privacy researchers from Citizen Lab have discovered a similar behavior in other Chinese browsers such as QQ Browser (March 2016), Baidu Browser (February 2016), and UC Browser (May 2015).
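
For anyone reviewing proxy or packet captures for the upload described in the post above, here is a triage check, added as an example that is not part of the original post or of the Exatel and Fidelis reports. It assumes the HTTP request body is the raw ZIP; the function names and the sample bytes are constructed for illustration, and the sample is not real AES output.

```python
import hashlib
import io
import zipfile

BLOCK = 16  # AES block size in bytes; AES-128-ECB is the cipher named in the post


def repeated_blocks(data: bytes) -> int:
    """Count 16-byte blocks that duplicate an earlier block (an ECB tell)."""
    blocks = [data[i:i + BLOCK] for i in range(0, len(data) - BLOCK + 1, BLOCK)]
    return len(blocks) - len(set(blocks))


def inspect_upload(body: bytes, member: str = "dat.txt"):
    """Return findings if an HTTP body is a ZIP carrying `member`, else None."""
    try:
        with zipfile.ZipFile(io.BytesIO(body)) as zf:
            if member not in zf.namelist():
                return None
            payload = zf.read(member)
    except zipfile.BadZipFile:
        return None
    return {
        "member": member,
        "size": len(payload),
        # ECB ciphertext is always a whole number of blocks.
        "block_aligned": len(payload) % BLOCK == 0,
        # Random-looking data should have no repeats; ECB repeats whenever
        # the plaintext repeats on a block boundary.
        "repeated_blocks": repeated_blocks(payload),
    }


def constructed_sample() -> bytes:
    """Constructed stand-in for a captured upload body (not real AES output)."""
    block = lambda n: hashlib.sha256(b"demo-%d" % n).digest()[:BLOCK]
    # Blocks 1 and 2 recur, as they would when ECB encrypts repeated plaintext.
    payload = b"".join(block(n) for n in (0, 1, 2, 3, 1, 2, 4, 1))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("dat.txt", payload)
    return buf.getvalue()


if __name__ == "__main__":
    print(inspect_upload(constructed_sample()))
    print(inspect_upload(b"GET / HTTP/1.1\r\n\r\n"))
```

A zero repeat count does not rule out ECB, since repeats only appear when identical plaintext lands on the same block alignment; treat the count as a hint alongside the member name and block-aligned size.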
 

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Maxthon, being free, is surely prone to a possible privacy collection mechanism in order to have revenue.

+ Considering the location (China based) therefore the rest are already history. ;)
 
Reactions: DardiM and kev216

jogs

Level 22
Verified
Top Poster
Well-known
Nov 19, 2012
1,113
These kinds of companies are bringing a bad name to the Chinese software industry. It has become really difficult to differentiate good companies from the bad ones, so even if there is a good company it will be looked at with a bad eye. It's high time that Chinese companies stop doing these kinds of activities. Without that, Chinese software companies will never be able to become world class companies.
 
Reactions: DardiM