[back to "Table of contents"]
Several articles carried this.
- Title: A Probe into the Malicious Chargeback Associated with QIHU 360 Tools: User Information Leaked: Google Translation, here; original, here. Professional translation below:
"Recently, the vulnerability in the Android OS revealed the large-scale malfunction of Alipay accounts to which QIHU360 turned a deaf ear. According to Cloud Dataset, in the Android OS, data saved in SD card is accessed as a plain text, which proves a significant safety risk. Users installed with QIHU360 or other malwares are exposed to a highly possible leakage of user information."
This article includes a stinging conclusion:
"Zhou Hongwei gets himself involved in mobile Internet in a rush way and feels proud of its model which goes like this: users are charged for traffic and ad bills through embedded software in phones. A phone with such embedment works in the same way as PC with a "backdoor", which offers a sound ground why credit card information is uploaded without users' knowledge. The recently frequently occurred online shopping security incidents are attributable to the same cause, or the risk of information leakage associated with QIHU360 tools."
- This excerpt was taken from a related article on Xiaomi and found on People.com.cn: Google Translation, here; original, here. Professional translation below:
"… Qihoo 360 security protocols exposed user information by uploading it to the server, allowing Google and other search engines to crawl through them. This led to hackers taking advantage of the information, leading to an explosion of a wide range of security issues like credit card charges, PayPal account abnormalities, etc. This has led to a high level of social concern for user privacy."
This article details a widely published micro-blog, which still appears in recent articles illustrating the problem.
"Last month, a microblog user said that there was a malicious outward transaction of his credit card due to an installed password vault on its phone. According to the user, his phone is WP7 based, with an installation of 360 Password Vault. It is believed that user information has been automatically uploaded, leading to a charge of $40 of its credit card."
the microblog user image below:
Translation of the microblog:
@Brother Lin Shi @Numbers Tail @WP7 Global Gathering @WP7 Micro-fans Network, confirmation needed!!! Could you all please help me to confirm whether WP's app <<360 Passwords Safe>> has within its software code any malicious code for uploading user information? Because my Business Credit Card was debited just now at 21:30 for 40 US Dollars by someone!! It's US Dollars!! I've never revealed to anyone my password information, except for this purpose (the app)...I would not spend US Dollars! :(
"According to an expert, the leakage of log in credential is to be blamed for the charge of its CMB credit card. No other security application except 360 Password Vault was installed on the phone. In other word, the user information has been intentionally uploaded by the tool. Such user information based profit model is often called as 'backdoor'."
The article ends with a reminder a charge made years back by "Rising" security software
"As early as 2010, Rising revealed the "backdoor" in the tools of QIHU360. The codes have been verified by professionals in the industry, witnessing the existence of backdoors in its tools."
To this day Rising still accuses Qihoo of having planted "backdoors" in its software. (Here)
[back to "Table of contents"]
Disclosure: I am short QIHU.