Hyper Estraier @ www.gnu.org

phrase:
attribute:
attribute:
attribute:
order:
per page:
clip:
action:

Results of 0 - 1 of about 0 (0.001 sec.)

/proprietary/malware-appliances.html-diff: @digest: 3a8bab1f0c159a7f18d81bdbac714327; @id: 113553; @lang: en; @mdate: 2019-05-08T15:01:36Z; @size: 88347; @type: text/html; content-type: text/html; charset=utf-8; #keywords: techdirt (19094), vizio (15827), smart (14373), arstechnica (14222), samsung (11948), hospital (11850), watching (9664), theguardian (8936), cameras (8635), tvs (8377), appliances (8013), consent (8013), href (7512), li (7502), security (7410), backdoor (7059), vulnerable (7056), malware (6936), manufacturer (6624), camera (6327), surveillance (6301), customers (6175), devices (6027), https (5085), technology (4721), company (4030), internet (3766), amazon (3608), tv (3347), watch (3324), com (3115), http (2954);    <title>Malware in Appliances - GNU Project - Free Software Foundation</title>   <h2>Malware in Appliances</h2> <a href="/proprietary/proprietary.html">Other examples of proprietary malware</a> <div class="highlight-para"> class="comment"> Malware means software designed to function in ways that mistreat or harm the user. (This does not include accidental errors.) Malware and nonfree software are two different issues. The difference between <a href="/philosophy/free-sw.html">free software</a> and nonfree software is in <a href="/philosophy/free-software-even-more-important.html"> whether the users have control of the program or vice versa</a>. It's not directly a question of what the program does when it runs. However, in practice nonfree software is often malware, because the developer's awareness that the users would be powerless to fix any malicious functionalities tempts the developer to impose some. </div> Here are Some examples of malware in appliances. <ul> <li id="nest-thermometers"> Nest thermometers send <a href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lot appliances are listed below. <div class="important"> If you know of data about the user</a>. </li> <li> A remote-control sex toy was found an example that ought to be in this page but isn't here, please write to make <a href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio recordings of href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a> to inform us. Please include the conversation between two users</a>. </li> <li> Every “home security” camera, if its manufacturer can communicate with it, is URL of a surveillance device. <a href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change"> Canary camera is an example</a>. trustworthy reference or two to serve as specific substantiation. </div> </div> <div class="column-limit" id="malware-appliances"></div> <ul class="blurbs"> <li id="M201904260"> The article describes wrongdoing by Jibo robot toys were tethered to the manufacturer, based on manufacturer's server, and <a href="https://www.apnews.com/99c9ec8ebad242ca88178e22c7642648"> the fact company made them all cease to work</a> by shutting down that server. The shutdown might ironically be good for their users, since the device is tethered product was designed to manipulate people by presenting a server. <a href="/proprietary/proprietary-tethers.html">More about proprietary tethering</a>. But it also demonstrates phony semblance of emotions, and was most certainly spying on them. </li> <li id="M201903210"> The Medtronics Conexus Telemetry Protocol has <a href="http://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/"> two vulnerabilities that affect several models of implantable defibrillators</a> and the device gives devices they connect to. This protocol has been around since 2006, and similar vulnerabilities were discovered in an earlier Medtronics communication protocol in 2008. Apparently, nothing was done by the company surveillance capability. to correct them. This means you can't rely on proprietary software developers to fix bugs in their products. </li> <li> A “smart” intravenous pump <li id="M201902270"> The Ring (now Amazon) doorbell camera is designed for hospitals so that the manufacturer (now Amazon) can watch all the time. Now it turns out that <a href="https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/"> anyone else can also watch, and fake videos too</a>. The third party vulnerability is connected presumably unintentional and I suppose Amazon will fix it. I do not expect Amazon to change the internet. Naturally <a href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml"> its security has been cracked</a>. Note design that this article misuses the term <a href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a> referring href="/proprietary/proprietary-surveillance.html#M201901100">allows Amazon to crackers. watch</a>. </li> <li> <li id="M201902080"> The bad security in many Internet of Stings devices allows HP <a href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs href="https://boingboing.net/2019/02/08/inkjet-dystopias.html"> “ink subscription” cartridges have DRM that constantly communicates with HP servers</a> to snoop on make sure the people that use them</a>. Don't be a sucker—reject all the stings. It user is unfortunate that still paying for the article uses subscription, and hasn't printed more pages than were paid for. Even though the term <a href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>. </li> <li> Many models of Internet-connected cameras are tremendously insecure. They have login accounts with hard-coded passwords, which can't ink subscription program may be changed, and <a href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">there is no way to delete these accounts either</a>. </li> <li> The proprietary code that runs pacemakers, insulin pumps, cheaper in some specific cases, it spies on users, and other medical devices is <a href="http://www.bbc.co.uk/news/technology-40042584"> full involves totally unacceptable restrictions in the use of gross security faults</a>. ink cartridges that would otherwise be in working order. </li> <li>Users are suing Bose for <li id="M201901100"> Amazon Ring “security” devices <a href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/"> distributing a spyware app for its headphones</a>. Specifically, the app would record the names of href="https://www.engadget.com/2019/01/10/ring-gave-employees-access-customer-video-feeds/"> send the audio files users listen video they capture to along with Amazon servers</a>, which save it long-term. In many cases, the headphone's unique serial number. The suit accuses video shows everyone that this was done without the users' consent. If comes near, or merely passes by, the fine print of user's front door. The article focuses on how Ring used to let individual employees look at the app said that users gave consent for this, would that make it acceptable? No way! videos freely. It should be flat out <a href="/philosophy/surveillance-vs-democracy.html"> illegal appears Amazon has tried to design prevent that secondary abuse, but the app primary abuse—that Amazon gets the video—Amazon expects society to snoop at all</a>. surrender to. </li> <li id="anova"> Anova sabotaged users' cooking devices with a downgrade that tethered them to a remote server. id="M201901070"> Vizio TVs <a href="https://consumerist.com/2017/04/12/anova-ticks-off-customers-by-requiring-mandatory-accounts-to-cook-food/#more-10275062">Unless users create an account on Anova's servers, their cookers won't function.</a> </li> <li> When Miele's Internet href="https://www.theverge.com/2019/1/7/18172397/airplay-2-homekit-vizio-tv-bill-baxter-interview-vergecast-ces-2019"> collect “whatever the TV sees,”</a> in the own words of Stings hospital disinfectant dishwasher the company's CTO, and this data is <a href="https://motherboard.vice.com/en_us/article/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">connected sold to the Internet, its security third parties. This is crap</a>. For example, a cracker can gain access in return for “better service” (meaning more intrusive ads?) and slightly lower retail prices. What is supposed to the dishwasher's filesystem, infect it with malware, and force the dishwasher make this spying acceptable, according to launch attacks on other devices him, is that it is opt-in in newer models. But since the network. Since these dishwashers are used in hospitals, such attacks could potentially put hundreds of lives at risk. </li> <li> Vizio software is nonfree, we don't know what is actually happening behind the scenes, and there is no guarantee that all future updates will leave the settings unchanged. If you buy already own a used “smart” car, house, Vizio smart TV (or any smart TV, refrigerator, etc., usually <a href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the previous owners can still remotely control it</a>. </li> <li> Vizio “smart” <a href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs report everything for that is viewed matter), the easiest way to make sure it isn't spying on them, you is to disconnect it from the Internet, and use a terrestrial antenna instead. Unfortunately, this is not just broadcasts and cable</a>. Even always possible. Another option, if the image you are technically oriented, is coming from the user's to get your own computer, the TV reports what it is. The existence of router (which can be an old computer running completely free software), and set up a way firewall to disable the surveillance, even if it were not hidden block connections to Vizio's servers. Or, as it was in these TVs, does not legitimize the surveillance. a last resort, you can replace your TV with another model. </li> <li> More or less <li id="M201810300"> Nearly all “smart” TVs “home security cameras” <a href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy on their users</a>. The report was as href="https://www.consumerreports.org/privacy/d-link-camera-poses-data-security-risk--consumer-reports-finds/"> give the manufacturer an unencrypted copy of 2014, but we don't expect this has got better. This shows everything they see</a>. “Home insecurity camera” would be a better name! When Consumer Reports tested them, it suggested that laws requiring products these manufacturers promise not to get users' formal consent before collecting personal data are totally inadequate. And what happens if a user declines consent? Probably look at what's in the TV will say, “Without videos. That's not security for your consent home. Security means making sure they don't get to tracking, the TV will not work.” Proper laws would say that TVs see through your camera. </li> <li id="M201810150"> Printer manufacturers are not allowed to report what very innovative—at blocking the user watches — no exceptions! </li> <li> Some LG TVs use of independent replacement ink cartridges. Their “security upgrades” occasionally impose new forms of cartridge DRM. <a href="http://openlgtv.org.ru/wiki/index.php/Achievements">are tyrants</a>. href="https://motherboard.vice.com/en_us/article/pa98ab/printer-makers-are-crippling-cheap-ink-cartridges-via-bogus-security-updates"> HP and Epson have done this</a>. </li> <li><a href="http://wiki.samygo.tv/index.php5/SamyGO_for_DUMMIES#What_are_Restricted_Firmwares.3F"> Samsung “Smart” TVs <li id="M201809260"> Honeywell's “smart” thermostats communicate only through the company's server. They have turned Linux into all the base for a tyrant system</a> so as to impose DRM. What enables Samsung to do this is that Linux is released under GNU GPL version 2, nasty characteristics of such devices: <a href="/licenses/rms-why-gplv3.html">not version 3</a>, together with href="https://www.businessinsider.com/honeywell-iot-thermostats-server-outage-2018-9"> surveillance, and danger of sabotage</a> (of a weak interpretation specific user, or of GPL version 2. </li> <li> A company that makes internet-controlled vibrators <a href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit">is being sued for collecting lots all users at once), as well as the risk of personal information about how people use it</a>. The company's statement that it anonymizes an outage (which is what just happened). In addition, setting the data may be true, but it doesn't really matter. If desired temperature requires running nonfree software. With an old-fashioned thermostat, you can do it sells using controls right on the data thermostat. </li> <li id="M201809240"> Researchers have discovered how to <a href="http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co"> hide voice commands in other audio</a>, so that people cannot hear them, but Alexa and Siri can. </li> <li id="M201807050"> The Jawbone fitness tracker was tethered to a data broker, proprietary phone app. In 2017, the data broker can figure out who company shut down and made the user is. </li> <li> Google/Alphabet app stop working. <a href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be"> intentionally broke Revolv home automatic control products that depended href="https://www.theguardian.com/technology/2018/jul/05/defunct-jawbone-fitness-trackers-kept-selling-after-app-closure-says-which">All the existing trackers stopped working forever</a>. The article focuses on a server</a> further nasty fillip, that sales of the broken devices continued. But I think that is a secondary issue; it made the nasty consequences extend to function. some additional people. The lesson is, don't stand for that! Insist fundamental wrong was to design the devices to depend on self-contained computers something else that run free software! didn't respect users' freedom. </li> <li> ARRIS cable modem has a <li id="M201804140"> A medical insurance company <a href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1"> backdoor in href="https://wolfstreet.com/2018/04/14/our-dental-insurance-sent-us-free-internet-connected-toothbrushes-and-this-is-what-happened-next"> offers a gratis electronic toothbrush that snoops on its user by sending usage data back over the backdoor</a>. Internet</a>. </li> <li> HP “storage appliances” that use the proprietary “Left Hand” operating system have back doors that give HP <li id="M201804010"> Some “Smart” TVs automatically <a href="https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/"> remote login access</a> to them. HP claims href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928"> load downgrades that this does not give HP access install a surveillance app</a>. We link to the customer's data, but if article for the back door allows installation of software changes, a change could be installed facts it presents. It is too bad that would give access to the customer's data. </li> <li> <a href="http://www.itworld.com/article/2705284/data-protection/backdoor-found-in-d-link-router-firmware-code.html"> Some D-Link routers</a> have a back door for changing settings in a dlink of an eye. <a href="https://github.com/elvanderb/TCP-32764">Many models article finishes by advocating the moral weakness of routers have back doors</a>. </li> <li> <a href="http://sekurak.pl/tp-link-httptftp-backdoor/"> surrendering to Netflix. The TP-Link router has a backdoor</a>. Netflix app <a href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is malware too</a>. </li> <li> The <li id="M201802120"> Apple devices lock users in <a href="http://michaelweinberg.org/post/137045828005/free-the-cube"> “Cube” 3D printer was href="https://gizmodo.com/homepod-is-the-ultimate-apple-product-in-a-bad-way-1822883347"> solely to Apple services</a> by being designed to be incompatible with DRM</a>: it won't accept third-party printing materials. It is all other options, ethical or unethical. </li> <li id="M201712240"> One of the Keurig dangers of printers. Now it the “internet of stings” is being discontinued, which means that eventually authorized materials won't that, if you lose your internet service, you also <a href="https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/"> lose control of your house and appliances</a>. For your safety, don't use any appliance with a connection to the real internet. </li> <li id="M201711200"> Amazon recently invited consumers to be available suckers and <a href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo"> allow delivery staff to open their front doors</a>. Wouldn't you know it, the printers may become unusable. With system has a grave security flaw. </li> <li id="M201711100"> A remote-control sex toy was found to make <a href="http://www.fsf.org/resources/hw/endorsement/aleph-objects"> printer that gets href="https://www.theverge.com/2017/11/10/16634442/lovense-sex-toy-spy-survei">audio recordings of the Respects Your Freedom</a>, conversation between two users</a>. </li> <li id="M201711080"> Logitech will sabotage all Harmony Link household control devices by <a href="https://arstechnica.com/gadgets/2017/11/logitech-to-shut-down-service-and-support-for-harmony-link-devices-in-2018/"> turning off the server through which the products' supposed owners communicate with them</a>. The owners suspect this problem would not even be is to pressure them to buy a remote possibility. How pitiful that the author of newer model. If they are wise, they will learn, rather, to distrust any product that requires users to talk with them through some specialized service. </li> <li id="M201710040"> Every “home security” camera, if its manufacturer can communicate with it, is a surveillance device. <a href="https://www.theverge.com/circuitbreaker/2017/10/4/16426394/canary-smart-home-camera-free-service-update-change"> Canary camera is an example</a>. The article says describes wrongdoing by the manufacturer, based on the fact that there was “nothing wrong” with designing the device to restrict users in the first place. This is like putting tethered to a “cheat me and mistreat me” sign on your chest. We should know better: we should condemn all companies that take advantage of people like him. Indeed, server. <a href="/proprietary/proprietary-tethers.html">More about proprietary tethering</a>. But it also demonstrates that the device gives the company surveillance capability. </li> <li id="M201709200"> A “smart” intravenous pump designed for hospitals is connected to the acceptance of their unjust practice internet. Naturally <a href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml"> its security has been cracked</a>. Note that teaches people this article misuses the term <a href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a> referring to be doormats. crackers. </li> <li> Philips “smart” lightbulbs <li id="M201708280"> The bad security in many Internet of Stings devices allows <a href="https://www.techdirt.com/articles/20151214/07452133070/lightbulb-drm-philips-locks-purchasers-out-third-party-bulbs-with-firmware-update.shtml"> have been designed not href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs to interact with other companies' smart lightbulbs</a>. If snoop on the people that use them</a>. Don't be a product is “smart”, and you didn't build it, it sucker—reject all the stings. It is cleverly serving its manufacturer against you. </li> <li> <a href="http://web.archive.org/web/20131007102857/http://www.nclnet.org/technology/73-digital-rights-management/124-whos-driving-the-copyright-laws-consumers-insist-on-the-right-to-back-it-up"> DVDs and Bluray disks have DRM</a>. That page uses spin terms unfortunate that favor DRM, including the article uses the term <a href="/philosophy/words-to-avoid.html#DigitalRightsManagement"> digital “rights” management</a> and href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>. </li> <li id="M201708230"> Sonos <a href="/philosophy/words-to-avoid.html#Protection">“protect”</a>, href="http://www.zdnet.com/article/sonos-accept-new-privacy-policy-speakers-cease-to-function/"> told all its customers, “Agree” to snooping or the product will stop working</a>. <a href="https://www.consumerreports.org/consumerist/sonos-holds-software-updates-hostage-if-you-dont-sign-new-privacy-agreement/"> Another article</a> says they won't forcibly change the software, but people won't be able to get any upgrades and eventually it claims that “artists” (rather than companies) are primarily responsible for putting digital restrictions management into these disks. Nonetheless, it is will stop working. </li> <li id="M201708040"> While you're using a reference for the facts. Every Bluray disk (with few, rare exceptions) has DRM—so don't use Bluray disks! DJI drone to snoop on other people, DJI is in many cases <a href="https://www.theverge.com/2017/8/4/16095244/us-army-stop-using-dji-drones-cybersecurity">snooping on you</a>. </li> <li id="cameras-bugs"> Over 70 brands id="M201706200"> Many models of network-connected surveillance Internet-connected cameras are tremendously insecure. They have login accounts with hard-coded passwords, which can't be changed, and <a href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html"> security bugs that allow anyone href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">there is no way to watch through them</a>. delete these accounts either</a>. </li> <li> Samsung's “Smart Home” has a big security hole; <a href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/"> unauthorized people can remotely control it</a>. Samsung claims that this is an “open” platform so the problem is partly the fault of app developers. That is clearly true if the apps are <li id="M201705250"> The proprietary software. Anything whose name is “Smart” code that runs pacemakers, insulin pumps, and other medical devices is most likely going to screw you. </li> <li> Malware found on <a href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html"> href="http://www.bbc.co.uk/news/technology-40042584"> full of gross security cameras available through Amazon</a>. A camera that records locally on physical media, faults</a>. </li> <li id="M201705180"> Bird and has no network connection, does not threaten people with surveillance—neither rabbit pets were implemented for Second Life by watching people through a company that tethered their food to a server. <a href="https://www.rockpapershotgun.com/2017/05/19/second-life-ozimals-pet-rabbits-dying"> It shut down the camera, nor through malware in server and the camera. pets more or less died</a>. </li> <li> <li id="M201704190"> Users are suing Bose for <a href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/"> FitBit fitness trackers have href="https://www.washingtonpost.com/news/the-switch/wp/2017/04/19/bose-headphones-have-been-spying-on-their-customers-lawsuit-claims/"> distributing a Bluetooth vulnerability</a> that allows attackers to send malware spyware app for its headphones</a>. Specifically, the app would record the names of the audio files users listen to along with the headphone's unique serial number. The suit accuses that this was done without the users' consent. If the fine print of the app said that users gave consent for this, would that make it acceptable? No way! It should be flat out <a href="/philosophy/surveillance-vs-democracy.html"> illegal to design the app to snoop at all</a>. </li> <li id="M201704120"> Anova sabotaged users' cooking devices with a downgrade that tethered them to a remote server. <a href="https://web.archive.org/web/20170415145520/https://consumerist.com/2017/04/12/anova-ticks-off-customers-by-requiring-mandatory-accounts-to-cook-food/">Unless users create an account on Anova's servers, their cookers won't function</a>. </li> <li id="M201703270"> When Miele's Internet of Stings hospital disinfectant dishwasher is <a href="https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit"> connected to the Internet, its security is crap</a>. For example, a cracker can gain access to the dishwasher's filesystem, infect it with malware, and force the dishwasher to launch attacks on other devices in the network. Since these dishwashers are used in hospitals, such attacks could potentially put hundreds of lives at risk. </li> <li id="M201703140"> A computerized vibrator <a href="https://www.theguardian.com/technology/2016/aug/10/vibrator-phone-app-we-vibe-4-plus-bluetooth-hack"> was snooping on its users through the proprietary control app</a>. The app was reporting the temperature of the vibrator minute by minute (thus, indirectly, whether it was surrounded by a person's body), as well as the vibration frequency. Note the totally inadequate proposed response: a labeling standard with which manufacturers would make statements about their products, rather than free software which users could have checked and changed. The company that made the vibrator <a href="https://www.theguardian.com/us-news/2016/sep/14/wevibe-sex-toy-data-collection-chicago-lawsuit"> was sued for collecting lots of personal information about how people used it</a>. The company's statement that it was anonymizing the data may be true, but it doesn't really matter. If it had sold the data to a data broker, the data broker would have been able to figure out who the user was. Following this lawsuit, <a href="https://www.theguardian.com/technology/2017/mar/14/we-vibe-vibrator-tracking-users-sexual-habits"> the company has been ordered to pay a total of C$4m</a> to its customers. </li> <li id="M201702280"> “CloudPets” toys with microphones <a href="https://www.theguardian.com/technology/2017/feb/28/cloudpets-data-breach-leaks-details-of-500000-children-and-adults"> leak childrens' conversations to the manufacturer</a>. Guess what? <a href="https://motherboard.vice.com/en_us/article/pgwean/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings"> Crackers found a way to access the data</a> collected by the manufacturer's snooping. That the manufacturer and the FBI could listen to these conversations was unacceptable by itself. </li> <li id="M201702200"> If you buy a used “smart” car, house, TV, refrigerator, etc., usually <a href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the previous owners can still remotely control it</a>. </li> <li id="M201702060"> Vizio “smart” <a href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">TVs report everything that is viewed on them, and not just broadcasts and cable</a>. Even if the image is coming from the user's own computer, the TV reports what it is. The existence of a way to disable the surveillance, even if it were not hidden as it was in these TVs, does not legitimize the surveillance. </li> <li id="M201701271"> A cracker would be able to <a href="https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/"> turn the Oculus Rift sensors into spy cameras</a> after breaking into the computer they are connected to. Unfortunately, the article <a href="/philosophy/words-to-avoid.html#Hacker">improperly refers to crackers as “hackers”</a>. </li> <li id="M201612230"> VR equipment, measuring every slight motion, creates the potential for the most intimate surveillance ever. All it takes to make this potential real <a href="https://theintercept.com/2016/12/23/virtual-reality-allows-the-most-detailed-intimate-digital-surveillance-yet/">is software as malicious as many other programs listed in this page</a>. You can bet Facebook will implement the maximum possible surveillance on Oculus Rift devices. The moral is, never trust a VR system with nonfree software in it. </li> <li id="M201612200"> The developer of Ham Radio Deluxe <a href="https://www.techdirt.com/articles/20161220/12411836320/company-bricks-users-software-after-he-posts-negative-review.shtml">sabotaged a customer's installation as punishment for posting a negative review</a>. Most proprietary software companies don't use their power so harshly, but it is an injustice that they all have such power. </li> <li id="M201612060.1"> The “smart” toys My Friend Cayla and i-Que can be <a href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">remotely controlled with a mobile phone</a>; physical access is not necessary. This would enable crackers to listen in on a child's conversations, and even speak into the toys themselves. This means a burglar could speak into the toys and ask the child to unlock the front door while Mommy's not looking. </li> <li id="M201609200"> HP's firmware downgrade <a href="https://www.theguardian.com/technology/2016/sep/20/hp-inkjet-printers-unofficial-cartridges-software-update">imposed DRM on some printers, which now refuse to function with third-party ink cartridges</a>. </li> <li id="M201608080"> Ransomware <a href="https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/"> has been developed for a thermostat that uses proprietary software</a>. </li> <li id="M201605020"> Samsung's “Smart Home” has a big security hole; <a href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/"> unauthorized people can remotely control it</a>. Samsung claims that this is an “open” platform so the problem is partly the fault of app developers. That is clearly true if the apps are proprietary software. Anything whose name is “Smart” is most likely going to screw you. </li> <li id="M201604110"> Malware was found on <a href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html"> security cameras available through Amazon</a>. A camera that records locally on physical media, and has no network connection, does not threaten people with surveillance—neither by watching people through the camera, nor through malware in the camera. </li> <li id="M201604050"> Google/Alphabet <a href="https://www.eff.org/deeplinks/2016/04/nest-reminds-customers-ownership-isnt-what-it-used-be"> intentionally broke Revolv home automatic control products that depended on a server</a> to function, by shutting down the server. The lesson is, reject all such products. Insist on self-contained computers that run free software! </li> <li id="M201603220"> Over 70 brands of network-connected surveillance cameras have <a href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html"> security bugs that allow anyone to watch through them</a>. </li> <li id="M201601100"> The <a href="http://michaelweinberg.org/post/137045828005/free-the-cube"> “Cube” 3D printer was designed with DRM</a>: it won't accept third-party printing materials. It is the Keurig of printers. Now it is being discontinued, which means that eventually authorized materials won't be available and the printers may become unusable. With a <a href="http://www.fsf.org/resources/hw/endorsement/aleph-objects"> printer that gets the Respects Your Freedom</a>, this problem would not even be a remote possibility. How pitiful that the author of that article says that there was “nothing wrong” with designing the device to restrict users in the first place. This is like putting a “cheat me and mistreat me” sign on your chest. We should know better: we should condemn all companies that take advantage of people like him. Indeed, it is the acceptance of their unjust practice that teaches people to be doormats. </li> <li id="M201512140"> Philips “smart” lightbulbs had initially been designed to interact with other companies' smart light bulbs, but <a href="https://www.techdirt.com/articles/20151214/07452133070/lightbulb-drm-philips-locks-purchasers-out-third-party-bulbs-with-firmware-update.shtml"> later the company updated the firmware to disallow interoperability</a>. If a product is “smart”, and you didn't build it, it is cleverly serving its manufacturer against you. </li> <li id="M201512074"> <a href="http://www.itworld.com/article/2705284/backdoor-found-in-d-link-router-firmware-code.html"> Some D-Link routers</a> have a back door for changing settings in a dlink of an eye. <a href="http://sekurak.pl/tp-link-httptftp-backdoor/"> The TP-Link router has a back door</a>. <a href="https://github.com/elvanderb/TCP-32764">Many models of routers have back doors</a>. </li> <li id="M201511250"> The Nest Cam “smart” camera is <a href="http://www.bbc.com/news/technology-34922712">always watching</a>, even when the “owner” switches it “off.” A “smart” device means the manufacturer is using it to outsmart you. </li> <li id="M201511198"> ARRIS cable modem has a <a href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1"> back door in the back door</a>. </li> <li id="M201511130"> Some web and TV advertisements play inaudible sounds to be picked up by proprietary malware running on other devices in range so as to determine that they are nearby. Once your Internet devices are paired with your TV, advertisers can correlate ads with Web activity, and other <a href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/"> cross-device tracking</a>. </li> <li id="M201511060"> Vizio goes a step further than other TV manufacturers in spying on their users: their <a href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you"> “smart” TVs analyze your viewing habits in detail and link them your IP address</a> so that advertisers can track you across devices. It is possible to turn this off, but having it enabled by default is an injustice already. </li> <li id="M201511020"> Tivo's alliance with Viacom adds 2.3 million households to the 600 millions social media profiles the company already monitors. Tivo customers are unaware they're being watched by advertisers. By combining TV viewing information with online social media participation, Tivo can now <a href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102"> correlate TV advertisement with online purchases</a>, exposing all users to new combined surveillance by default. </li> <li id="M201510210"> FitBit fitness trackers have a <a href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/"> Bluetooth vulnerability</a> that allows attackers to send malware to the devices, which can subsequently spread to computers and other FitBit trackers that interact with them. </li> <li> “Self-encrypting” <li id="M201510200"> “Self-encrypting” disk drives do the encryption with proprietary firmware so you can't trust it. Western Digital's <a href="https://motherboard.vice.com/en_uk/read/some-popular-self-encrypting-hard-drives-have-really-bad-encryption"> “My Passport” drives <a href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption"> have a back door</a>. </li> <li> Hospira infusion pumps, which <li id="M201507240"> Vizio “smart” TVs recognize and <a href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track what people are used to administer drugs to a patient, were rated “<a href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/"> least secure IP device I've ever seen</a>” by watching</a>, even if it isn't a security researcher. Depending on what drug is being infused, the insecurity could open the door to murder. TV channel. </li> <li> <li id="M201506080"> Due to bad security in a drug pump, crackers could use it to <a href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/"> kill patients</a>. </li> <li> <a href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/"> “Smart homes”</a> turn out to be stupidly vulnerable to intrusion. </li> <li> The <a href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html"> FTC punished a company for making webcams with bad security</a> so that it was easy for anyone to watch them. </li> <li> It is possible to <a href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/"> kill people by taking control of medical implants by radio</a>. More information in <a href="http://www.bbc.co.uk/news/technology-17631838">BBC News</a> and <a href="http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html"> IOActive Labs Research blog</a>. </li> <li> Lots of <li id="M201505290"> Verizon cable TV <a href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/"> hospital equipment has lousy security</a>, href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/"> snoops on what programs people watch, and it can be fatal. even what they wanted to record</a>. </li> <li> <a href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/"> Point-of-sale terminals running Windows <li id="M201505050"> Hospira infusion pumps, which are used to administer drugs to a patient, were taken over</a> and turned into rated “<a href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least secure IP device I've ever seen</a>” by a botnet for security researcher. Depending on what drug is being infused, the purpose of collecting customers' credit card numbers. insecurity could open the door to murder. </li> <li id="vizio-snoop"> id="M201504300"> Vizio <a href="http://boingboing.net/2015/04/30/telescreen-watch-vizio-adds-s.html"> used a firmware “upgrade” to make its TVs snoop on what users watch</a>. The TVs did not do that when first sold. </li> <li> <li id="M201502180"> Barbie <a href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673">is going to spy on children and adults</a>. </li> <li id="M201502090"> The Samsung “Smart” TV <a href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm"> transmits users' voice on the internet to another company, Nuance</a>. Nuance can save it and would then have to give it to the US or some other government. Speech recognition is not to be trusted unless it is done by free software in your own computer. In its privacy policy, Samsung explicitly confirms that <a href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice data containing sensitive information will be transmitted to third parties</a>. </li> <li id="M201411090"> The Amazon “Smart” TV is <a href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance"> snooping all the time</a>. </li> <li id="M201409290"> More or less all “smart” TVs <a href="http://www.myce.com/news/reseachers-all-smart-tvs-spy-on-you-sony-monitors-all-channel-switches-72851/">spy on their users</a>. The report was as of 2014, but we don't expect this has got better. This shows that laws requiring products to get users' formal consent before collecting personal data are totally inadequate. And what happens if a user declines consent? Probably the TV will say, “Without your consent to tracking, the TV will not work.” Proper laws would say that TVs are not allowed to report what the user watches—no exceptions! </li> <li id="M201407170"> Nest thermometers send <a href="http://bgr.com/2014/07/17/google-nest-jailbreak-hack">a lot of data about the user</a>. </li> <li id="M201405200.1"> LG <a href="http://www.techdirt.com/articles/20140511/17430627199/lg-will-take-smart-out-your-smart-tv-if-you-dont-agree-to-share-your-viewing-search-data-with-third-parties.shtml"> disabled network features</a> on previously purchased “smart” TVs, unless the purchasers agreed to let LG begin to snoop on them and distribute their personal data. </li> <li> <a href="http://www.mirror.co.uk/news/technology-science/technology/wi-fi-spy-barbie-records-childrens-5177673"> Barbie is going to spy</a> on children <li id="M201404250"> Lots of <a href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/"> hospital equipment has lousy security</a>, and adults. it can be fatal. </li> <li> <li id="M201312290"> <a href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html"> Cisco TNP IP phones are spying devices</a>. </li> <li> The <a href="http://www.bbc.com/news/technology-34922712">Nest Cam “smart” camera is always watching</a>, even when the “owner” switches href="http://www.bunniestudios.com/blog/?p=3554"> Some flash memories have modifiable software</a>, which makes them vulnerable to viruses. We don't call this a “back door” because it “off.” A “smart” device means the manufacturer is using it normal that you can install a new system in a computer, given physical access to outsmart you. it. However, memory sticks and cards should not be modifiable in this way. </li> <li> Vizio goes <li id="M201312040"> <a href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/"> Point-of-sale terminals running Windows were taken over</a> and turned into a step further than other TV manufacturers botnet for the purpose of collecting customers' credit card numbers. </li> <li id="M201311210"> Spyware in spying on their users: their <a href="http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you"> LG “smart” TVs analyze your viewing habits in detail <a href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html"> reports what the user watches, and link them your IP address</a> so that advertisers can track you across devices. It is possible the switch to turn this off, but having it enabled by default is an injustice already. </li> <li> Tivo's alliance with Viacom adds 2.3 million households to the 600 millions social media profiles the company already monitors. Tivo customers are unaware they're being watched by advertisers. By combining TV viewing information with online social media participation, Tivo can now <a href="http://www.reuters.com/article/viacom-tivo-idUSL1N12U1VV20151102"> correlate TV advertisement with online purchases</a>, exposing all users to new combined surveillance by default. </li> <li> Some web and TV advertisements play inaudible sounds to be picked up by proprietary malware running off has no effect</a>. (The fact that the transmission reports a 404 error really means nothing; the server could save that data anyway.) Even worse, it <a href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/"> snoops on other devices in range so as on the user's local network</a>. LG later said it had installed a patch to determine that they are nearby. Once your Internet devices are paired with your TV, advertisers can correlate ads with Web activity, stop this, but any product could spy this way. </li> <li id="M201310070"> <a href="http://web.archive.org/web/20131007102857/http://www.nclnet.org/technology/73-digital-rights-management/124-whos-driving-the-copyright-laws-consumers-insist-on-the-right-to-back-it-up"> DVDs and other Bluray disks have DRM</a>. That page uses spin terms that favor DRM, including <a href="http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/"> cross-device tracking</a>. </li> <li> Vizio “smart” TVs recognize href="/philosophy/words-to-avoid.html#DigitalRightsManagement"> digital “rights” management</a> and <a href="http://www.engadget.com/2015/07/24/vizio-ipo-inscape-acr/">track what people href="/philosophy/words-to-avoid.html#Protection">“protect”</a>, and it claims that “artists” (rather than companies) are watching</a>, even if primarily responsible for putting digital restrictions management into these disks. Nonetheless, it isn't a TV channel. </li> <li> The Amazon “smart” TV is <a href="http://www.theguardian.com/technology/shortcuts/2014/nov/09/amazon-echo-smart-tv-watching-listening-surveillance"> snooping all a reference for the time</a>. facts. Every Bluray disk (with few, rare exceptions) has DRM—so don't use Bluray disks! </li> <li> <li id="M201309050"> The Samsung “smart” TV FTC punished a company for making webcams with <a href="http://www.consumerreports.org/cro/news/2015/02/who-s-the-third-party-that-samsung-and-lg-smart-tvs-are-sharing-your-voice-data-with/index.htm"> transmits users' voice on the internet to another company, Nuance</a>. Nuance can save it and would then have to give href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html"> bad security so that it was easy for anyone to the US or some other government. Speech recognition is not to be trusted unless it is done by free watch through them</a>. </li> <li id="M201308060"> <a href="http://spritesmods.com/?art=hddhack&page=6"> Replaceable nonfree software in your own computer. In its privacy policy, Samsung explicitly confirms disk drives can be written by a nonfree program</a>. This makes any system vulnerable to persistent attacks that normal forensics won't detect. </li> <li id="M201307270"> It is possible to <a href="http://theweek.com/speedreads/538379/samsung-warns-customers-not-discuss-personal-information-front-smart-tvs">voice data containing sensitive href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/"> kill people by taking control of medical implants by radio</a>. More information will in <a href="http://www.bbc.co.uk/news/technology-17631838">BBC News</a> and <a href="https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/"> IOActive Labs Research blog</a>. </li> <li id="M201307260"> <a href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/"> “Smart homes”</a> turn out to be transmitted stupidly vulnerable to third parties</a>. intrusion. </li> <li> <a href="http://doctorbeet.blogspot.co.uk/2013/11/lg-smart-tvs-logging-usb-filenames-and.html"> Spyware in LG “smart” TVs</a> reports what the user watches, and <li id="M201307114"> HP “storage appliances” that use the switch proprietary “Left Hand” operating system have back doors that give HP <a href="https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/"> remote login access</a> to turn this off has no effect. (The fact them. HP claims that this does not give HP access to the transmission reports a 404 error really means nothing; customer's data, but if the server back door allows installation of software changes, a change could save be installed that data anyway.) Even worse, it would give access to the customer's data. </li> <li id="M201212290"> The Cisco TNP IP phones are <a href="http://rambles.renney.me/2013/11/lg-tv-logging-filenames-from-network-folders/"> snoops on other devices on href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html"> spying devices</a>. </li> <li id="M201212180"> Samsung “Smart” TVs have <a href="https://wiki.samygo.tv/index.php?title=SamyGO_for_DUMMIES#What_are_Restricted_Firmwares.3F"> turned Linux into the user's local network</a>. LG later said it had installed base for a patch tyrant system</a> so as to stop this, but any product could spy impose DRM. What enables Samsung to do this way. is that Linux is released under GNU GPL version 2, <a href="/licenses/rms-why-gplv3.html">not version 3</a>, together with a weak interpretation of GPL version 2. </li> <li> <a href="http://arstechnica.com/business/2015/05/verizon-fios-reps-know-what-tv-channels-you-watch/"> Verizon cable TV snoops <li id="M201212170"> <a href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html"> Crackers found a way to break security on what programs people watch</a>, a “smart” TV</a> and even what they wanted use its camera to record. watch the people who are watching TV. </li> <li id="M201210020"> Some LG TVs <a href="http://openlgtv.org.ru/wiki/index.php/Achievements">are tyrants</a>. </li> </ul> </div>  <div id="footer"> <div class="unprintable"> Please send general FSF & GNU inquiries to <a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>. There are also <a href="/contact/">other ways to contact</a> the FSF. Broken links and other corrections or suggestions can be sent to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.  Please see the <a href="/server/standards/README.translations.html">Translations README</a> for information on coordinating and submitting translations of this article. </div>  Copyright © 2016, 2017, 2018 2018, 2019 Free Software Foundation, Inc. This page is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by-nd/4.0/">Creative href="http://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution-NoDerivatives Attribution 4.0 International License</a>.  Updated:  $Date: 2019/05/08 15:01:36 $  </div> </div> </div> </body> </html> ...; http://www.gnu.org/savannah-checkouts/gnu/www/proprietary/po/malware-appliances.de-diff.html - [detail] - [similar]

PREV NEXT