{
  "docId": "019dd923-622c-750b-8b96-2fbe642fbf78",
  "docSlug": "69cc18cfe079",
  "documentTitle": "NQ Mobile (NQ)",
  "authorId": "51_Muddy_Waters",
  "authorName": "Carson C. Block",
  "documentKindSlug": "research-note",
  "documentKindLabel": "Research note",
  "sourceTypeSlug": "short_seller",
  "sourceTypeLabel": "Short seller",
  "presentationDate": "2013-10-24 00:00:00",
  "orientation": "portrait",
  "aspectRatio": 0.77272725,
  "pageNumber": 34,
  "pageCount": 81,
  "prevPage": 33,
  "nextPage": 35,
  "slideType": "other",
  "function": "expose_contradiction",
  "density": "dense",
  "nDataPoints": 0,
  "notes": "Includes Wireshark packet capture screenshots as evidence of insecure data transmission to Chinese servers.",
  "elementsJson": [
    "paragraph",
    "screenshot",
    "footnote"
  ],
  "metadataConfidence": 0.9,
  "imagePath": null,
  "slideHref": "/slides/019dd923-622c-750b-8b96-2fbe642fbf78/34",
  "deckHref": "/decks/019dd923-622c-750b-8b96-2fbe642fbf78",
  "deckJsonHref": "/decks/019dd923-622c-750b-8b96-2fbe642fbf78.json",
  "deckAnchorHref": "/decks/019dd923-622c-750b-8b96-2fbe642fbf78#slide-34",
  "components": [
    {
      "bbox": null,
      "kind": "callout",
      "text": "The result is that NQ users are vulnerable to Man in the Middle (\"MITM\") attack, a technique wherein a hacker impersonates the NQ server and intercepts all of the above listed data the app broadcasts.",
      "attrs": null,
      "subkind": null,
      "toolName": "Visual emphasis",
      "toolSlug": "visual-emphasis",
      "confidence": null,
      "componentId": "019dd953-0935-737e-8dc9-94d26380acf6",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.18,
        "w": 0.7,
        "x": 0.15,
        "y": 0.69
      },
      "kind": "image",
      "text": "Detailed packet inspection showing HTTP payload",
      "attrs": null,
      "subkind": "screenshot",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "35e6399c-7a06-4ab6-bd25-d3e4ec1f22aa",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.15,
        "w": 0.7,
        "x": 0.15,
        "y": 0.49
      },
      "kind": "image",
      "text": "Wireshark capture showing data sent to NQ's server in China",
      "attrs": null,
      "subkind": "screenshot",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "e8736fdb-03b7-442b-96ad-5316778dc7ae",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.06,
        "w": 0.7,
        "x": 0.15,
        "y": 0.14
      },
      "kind": "paragraph",
      "text": "This means that all of the above user details are vulnerable to hackers sniffing the network between the user and NQ's Chinese servers, and the Chinese government. NQ sends the data as well to TalkingData.net, which is a Chinese data analytics service.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "03b4da68-5ac8-418f-9cfb-e0167858dc3b",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.7,
        "x": 0.15,
        "y": 0.34
      },
      "kind": "paragraph",
      "text": "By modifying their host file, our engineers were able to perform a MITM attack against themselves and discovered an additional special command that directs the application to download and execute any file from any server on the device.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "311655f9-ec76-414d-af6a-b3df40fac205",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.7,
        "x": 0.15,
        "y": 0.09
      },
      "kind": "paragraph",
      "text": "software that is installed and apps that are running in the phone, and information about analytics on your operation, your favorites, network connection and downloading.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "497cbcd5-2864-4106-92ec-7d3e1251a20a",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.05,
        "w": 0.7,
        "x": 0.15,
        "y": 0.4
      },
      "kind": "paragraph",
      "text": "Rounding out our analysis of the app / server communication protocol failures, we note that NQ does not sign its downloads. Without a digital signature, the user app has no way of authenticating the download or ensuring that it came from anyone other than NQ.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "a210139b-2579-48e8-b561-8d540f5dcaf7",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.12,
        "w": 0.7,
        "x": 0.15,
        "y": 0.21
      },
      "kind": "paragraph",
      "text": "When downloading data from the server, NQ does not use HTTPS or SSL. The result is that NQ users are vulnerable to Man in the Middle (\"MITM\") attack, a technique wherein a hacker impersonates the NQ server and intercepts all of the above listed data the app broadcasts. NQ does encrypt the data transmission from server to app, however it includes the key used to encrypt the data as a simple encoded string broadcast along with the payload, making the encryption nearly worthless.",
      "attrs": null,
      "subkind": "paragraph",
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "e8b4f763-0a1e-4da5-b0f0-0842cb034d9a",
      "frameworkName": null,
      "frameworkSlug": null
    },
    {
      "bbox": {
        "h": 0.02,
        "w": 0.2,
        "x": 0.15,
        "y": 0.89
      },
      "kind": "source-note",
      "text": "http://www.nq.com/privacy",
      "attrs": null,
      "subkind": null,
      "toolName": null,
      "toolSlug": null,
      "confidence": null,
      "componentId": "eabe8f8e-9eb1-4cd4-8a39-540d2351f3d3",
      "frameworkName": null,
      "frameworkSlug": null
    }
  ],
  "metrics": [],
  "tools": [],
  "frameworks": [],
  "arcBeats": [],
  "loops": [],
  "imagePathAlt": null,
  "thumbSrc": null,
  "thumbSrcAlt": null,
  "locked": true
}