The research approach is distasteful and dangerous. Any one should not introduce bugs or malicious code intentionally, even for research purpose. The results are also a bit trivial. It is easy to imagine that this type of code injection would be possible. So let this be an example of what is the consequence of intentional malicious code injection, even in the name of research.

I wish I could be on the researchers' side, as I am both Chinese and an alum from UMN. But No - wrong is wrong.