When Textbook RSA is Used to Protect the Privacy of Hundreds of Millions of Users.

We evaluate Tencent's QQ Browser, a popular mobile browser in China with hundreds of millions of users---including 16 million overseas, with respect to the threat model of a man-in-the-middle attacker with state actor capabilities. This is motivated by information in the Snowden revelations suggesting that another Chinese mobile browser, UC Browser, was being used to track users by Western nation-state adversaries. Among the many issues we found in QQ Browser that are presented in this paper, the use of "textbook RSA"---that is, RSA implemented as shown in textbooks, with no padding---is particularly interesting because it affords us the opportunity to contextualize existing research in breaking textbook RSA. We also present a novel attack on QQ Browser's use of textbook RSA that is distinguished from previous research by its simplicity. We emphasize that although QQ Browser's cryptography and our attacks on it are very simple, the impact is serious. Thus, research into how to break very poor cryptography (such as textbook RSA) has both pedagogical value and real-world impact.