This report documents a significant escalation in the suppression of security research by Ant Group. Following the discovery of 17 vulnerabilities in the Alipay mobile application (CVSS 7.4-9.3), researcher Jiqiang Feng of Innora AI faced legal threats and censorship. Despite initial rejection of a reputation infringement complaint, Ant Group successfully leveraged China's Cybersecurity Law to force the deletion of four technical articles from WeChat that detailed whitelist bypasses and silent GPS location exfiltration.
The underlying research has been acknowledged by over 38 institutions across 22 jurisdictions, including MITRE, Apple, Google, and the HKMA. While the vendor dismissed the findings as "normal functionality," independent bodies have accepted multiple CVEs. This case highlights a concerning pattern of legal retaliation against good-faith researchers and the server-side blocking of proof-of-concept traffic to stifle public disclosure.
Top comments (0)