Results of 1 - 1 of about 725 for Android 12 (1.997 sec.)
android (2801), 12 (27798)
- /proprietary/proprietary-back-doors.html-diff
- #score: 5143
- @digest: b5054f61bbd7b77f03d73a7c4af7cb52
- @id: 113601
- @lang: en
- @mdate: 2019-06-11T12:01:40Z
- @size: 46702
- @type: text/html
- content-type: text/html; charset=utf-8
- #keywords: universal (11334), door (9955), backdoor (9422), remotely (9013), arstechnica (6467), modem (5705), href (4869), li (4777), swindle (4279), doors (4141), back (4041), windows (3745), https (3595), android (3266), deleting (2829), phone (2817), google (2621), phones (2533), encryption (2451), microsoft (2340), proprietary (2321), updates (2131), technology (2024), malware (1872), com (1849), amazon (1683), security (1662), apps (1656), processor (1598), settings (1505), article (1484), remote (1437)
- <!--#include virtual="/server/header.html" --> <!-- Parent-Version: 1.85 1.87 --> <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please do not edit <ul class="blurbs">! Instead, edit /proprietary/workshop/mal.rec, then regenerate pages. See explanations in /proprietary/workshop/README.md. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> <title>Proprietary Back Doors - GNU Project - Free Software Foundation</title> <!--#include virtual="/proprietary/po/proprietary-back-doors.translist" --> <!--#include virtual="/server/banner.html" --> <h2>Proprietary Back Doors</h2> <p><a href="/proprietary/proprietary.html">Other examples of proprietary malware</a></p> <div class="comment"> <p>Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; <a href="/philosophy/free-software-even-more-important.html">that is the basic injustice</a>. The developers often exercise that power to the detriment of the users they ought to serve.</p> <p>A “back door” in a program is a channel designed to send the program commands from someone who is not supposed to be in control of the computer where the program is installed.</p> <p>Here are examples of demonstrated back doors in proprietary software. They are sorted out according to what they are known to allow. Back doors that allow full control over the operating system are said to be “universal”.</p> <div class="important"> <p>If you know of an example that ought to be in this page but isn't here, please write to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a> to inform us. Please include the URL of a trustworthy reference or two to present the specifics.</p> serve as specific substantiation.</p> </div> </div> <p class="c"> <a href="#spy">Spying</a> | <a href="#alter-data">Altering user's data/settings</a> | <a href="#install-delete">Installing/deleting programs</a> | <a href="#universal">Full control</a> | <a href="#other">Other/undefined</a> class="c" style="font-size: 1.1em"> <a href="#spy">Spying</a> <a href="#alter-data">Altering user's data/settings</a> <a href="#install-delete">Installing/deleting/disabling programs</a> <a href="#universal">Full control</a> <a href="#other">Other/undefined</a> </p> <!-- WEBMASTERS: make sure to place new items on top under each subsection --> <h3 id="spy">Spying</h3> <ul> <li> id='spy'>Spying</h3> <ul class="blurbs"> <li id="M201706200.2"> <p id="InternetCameraBackDoor">Many models of Internet-connected cameras contain a glaring back door—they have login accounts with hard-coded passwords, which can't be changed, and <a href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/"> there is no way to delete these accounts either</a>.</p> <p>Since these accounts with hard-coded passwords are impossible to delete, this problem is not merely an insecurity; it amounts to a back door that can be used by the manufacturer (and government) to spy on users.</p> </li> <li> <li id="M201701130"> <p>WhatsApp has a feature that <a href="https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages"> href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/"> has been described as a “back door”</a> because it would enable governments to nullify its encryption.</p> <p>The developers say that it wasn't intended as a back door door, and that may well be true. But that leaves the company can use to read the plaintext crucial question of messages</a>.</p> <p>This should not come whether it functions as a surprise. Nonfree software for encryption one. Because the program is never trustworthy.</p> nonfree, we cannot check by studying it.</p> </li> <li> <p><a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/"> Microsoft <li id="M201512280"> <p>Microsoft has already <a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/"> backdoored its disk encryption</a>.</p> </li> <li> <li id="M201409220"> <p>Apple can, and regularly does, <a href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/"> remotely extract some data from iPhones for the state</a>.</p> <p>This may have improved with <a href="http://www.washingtonpost.com/business/technology/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html"> iOS 8 security improvements</a>; but <a href="https://firstlook.org/theintercept/2014/09/22/apple-data/"> not as much as Apple claims</a>.</p> </li> </ul> <h3 id="alter-data">Altering id='alter-data'>Altering user's data or settings</h3> <ul> <li> <ul class="blurbs"> <li id="M201905060"> <p>BlizzCon 2019 imposed a <a href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/"> requirement to run a proprietary phone app</a> to be allowed into the event.</p> <p>This app is a spyware that can snoop on a lot of sensitive data, including user's location and contact list, and has <a href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/"> near-complete control</a> over the phone.</p> </li> <li id="M201809140"> <p>Android has a <a href="https://www.theverge.com/platform/amp/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change"> back door for remotely changing “user” settings</a>.</p> <p>The article suggests it might be a universal back door, but this isn't clear.</p> </li> <li id="M201607284"> <p>The Dropbox app for Macintosh <a href="http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/"> takes control of user interface items after luring the user into entering an admin password</a>.</p> </li> <li id="M201604250"> <p>A pregnancy test controller application not only can <a href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security"> spy on many sorts of data in the phone, and in server accounts, it can alter them too</a>.</p> </li> <li> <p>The Dropbox app <li id="M201512074"> <p><a href="http://www.itworld.com/article/2705284/backdoor-found-in-d-link-router-firmware-code.html"> Some D-Link routers</a> have a back door for Macintosh <a href="http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/"> takes control changing settings in a dlink of user interface items after luring the user into entering an admin password</a>.</p> eye.</p> <p><a href="http://sekurak.pl/tp-link-httptftp-backdoor/"> The TP-Link router has a back door</a>.</p> <p><a href="https://github.com/elvanderb/TCP-32764">Many models of routers have back doors</a>.</p> </li> <li> <p>Users reported that <li id="M201511244"> <p>Google has long had <a href="http://www.networkworld.com/article/2993490/windows/windows-10-upgrades-reportedly-appearing-as-mandatory-for-some-users.html#tk.rss_all"> Microsoft was forcing them href="http://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted">a back door to replace Windows 7 and 8 with all-spying Windows 10</a>.</p> <p>Microsoft was in fact <a href="http://www.computerworld.com/article/3012278/microsoft-windows/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html"> attacking computers that run Windows 7 and 8</a>, switching on a flag that said whether to “upgrade” to Windows 10 when users had turned it off.</p> <p>Later on, Microsoft published instructions on <a href="http://arstechnica.com/information-technology/2016/01/microsoft-finally-has-a-proper-way-to-opt-out-of-windows-78-to-windows-10-upgrades/"> how to permanently reject remotely unlock an Android device</a>, unless its disk is encrypted (possible since Android 5.0 Lollipop, but still not quite the downgrade to Windows 10</a>.</p> <p>This seems to involve use of a back door in Windows 7 and 8.</p> default).</p> </li> <li> <li id="M201511194"> <p>Caterpillar vehicles come with <a href="http://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it"> a back door to shutoff the engine</a> remotely.</p> </li> <li> <li id="M201509160"> <p>Modern gratis game cr…apps <a href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/"> collect a wide range of data about their users and their users' friends and associates</a>.</p> <p>Even nastier, they do it through ad networks that merge the data collected by various cr…apps and sites made by different companies.</p> <p>They use this data to manipulate people to buy things, and hunt for “whales” who can be led to spend a lot of money. They also use a back door to manipulate the game play for specific players.</p> <p>While the article describes gratis games, games that cost money can use the same tactics.</p> </li> <li> <p><a id="samsung" <li id="M201403120.1"> <p id="samsung"><a href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor"> Samsung Galaxy devices running proprietary Android versions come with a back door</a> that provides remote access to the files stored on the device.</p> </li> <li> <p><a href="http://www.itworld.com/article/2705284/data-protection/backdoor-found-in-d-link-router-firmware-code.html"> Some D-Link routers</a> have a back door for changing settings in a dlink of an eye.</p> <p><a href="http://sekurak.pl/tp-link-httptftp-backdoor/"> The TP-Link router has a back door</a>.</p> <p><a href="https://github.com/elvanderb/TCP-32764">Many models of routers have back doors</a>.</p> </li> <li id="swindle-eraser"> <p>The id="M201210220"> <p id="swindle-eraser">The Amazon Kindle-Swindle has a back door that has been used to <a href="http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/"> remotely erase books</a>. One of the books erased was 1984, <cite>1984</cite>, by George Orwell.</p> <p>Amazon responded to criticism by saying it would delete books only following orders from the state. However, that policy didn't last. In 2012 it <a href="http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html"> wiped a user's Kindle-Swindle and deleted her account</a>, then offered her kafkaesque “explanations.”</p> <p>Do other ebook readers have back doors in their nonfree software? We don't know, and we have no way to find out. There is no reason to assume that they don't.</p> </li> <li> <li id="M201011220"> <p>The iPhone has a back door for <a href="http://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone"> remote wipe</a>. It's not always enabled, but users are led into enabling it without understanding.</p> </li> </ul> <h3 id="install-delete">Installing or id='install-delete'>Installing, deleting or disabling programs</h3> <ul class="blurbs"> <li id="M201811100"> <p>Corel Paintshop Pro has a <a href="https://torrentfreak.com/corel-wrongly-accuses-licensed-user-of-piracy-disables-software-remotely-181110/"> back door that can make it cease to function</a>.</p> <p>The article is full of confusions, errors and biases that we have an obligation to expose, given that we are making a link to them.</p> <ul> <li><p>Some <li>Getting a patent does not “enable” a company to do any particular thing in its products. What it does enable the company to do is sue other companies if they do some particular thing in their products.</li> <li>A company's policies about when to attack users through a back door are beside the point. Inserting the back door is wrong in the first place, and using the back door is always wrong too. No software developer should have that power over users.</li> <li>“<a href="/philosophy/words-to-avoid.html#Piracy">Piracy</a>” means attacking ships. Using that word to refer to sharing copies is a smear; please don't smear sharing.</li> <li><p>The idea of “protecting our IP” is total confusion. The term “IP” itself is a <a href="/philosophy/not-ipr.html">bogus generalization about things that have nothing in common</a>.</p> <p>In addition, to speak of “protecting” that bogus generalization is a separate absurdity. It's like calling the cops because neighbors' kids are playing on your front yard, and saying that you're “protecting the boundary line”. The kids can't do harm to the boundary line, not even with a jackhammer, because it is an abstraction and can't be affected by physical action.</p></li> </ul> </li> <li id="M201804010"> <p>Some “Smart” TVs automatically <a href="https://news.ycombinator.com/item?id=16727319">load href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928"> load downgrades that install a surveillance app</a>.</p> <p>We link to the article for the facts it presents. It is too bad that the article finishes by advocating the moral weakness of surrendering to Netflix. The Netflix app <a href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is malware too</a>.</p> </li> <li> <li id="M201511090"> <p>Baidu's proprietary Android library, Moplus, has a back door that <a href="https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made"> can “upload files” as well as forcibly install apps</a>.</p> <p>It is used by 14,000 Android applications.</p> </li> <li> <p>In Android, <li id="M201112080"> <p> In addition to its <a href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html"> Google href="#windows-update">universal back door</a>, Windows 8 has a back door for <a href="https://www.computerworld.com/article/2500036/microsoft--we-can-remotely-delete-windows-8-apps.html"> remotely deleting apps</a>.</p> <p>You might well decide to let a security service that you trust remotely <em>deactivate</em> programs that it considers malicious. But there is no excuse for <em>deleting</em> the programs, and you should have the right to decide whom (if anyone) to trust in this way.</p> </li> <li id="M201103070"> <p>In Android, <a href="https://www.computerworld.com/article/2506557/google-throws--kill-switch--on-android-phones.html"> Google has a back door to remotely delete apps.</a> apps</a>. (It was in a program called GTalkService, which seems since then to have been merged into Google Play.)</p> <p>Google can also <a href="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/"> forcibly and remotely install apps</a> through GTalkService. This is not equivalent to a universal back door, but permits various dirty tricks.</p> <p>Although Google's <em>exercise</em> of this power has not been malicious so far, the point is that nobody should have such power, which could also be used maliciously. You might well decide to let a security service remotely <em>deactivate</em> programs that it considers malicious. But there is no excuse for allowing it to <em>delete</em> the programs, and you should have the right to decide who (if anyone) to trust in this way.</p> </li> <li> <p><a href="http://www.computerworld.com/article/2500036/desktop-apps/microsoft--we-can-remotely-delete-windows-8-apps.html"> Windows 8 also has a back door for remotely deleting apps</a>.</p> <p>You might well decide to let a security service that you trust remotely <em>deactivate</em> programs that it considers malicious. But there is no excuse for <em>deleting</em> the programs, and you should have the right to decide whom (if anyone) to trust in this way.</p> </li> <li> <li id="M200808110"> <p>The iPhone has a back door <a href="http://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html"> that allows Apple to remotely delete apps</a> which Apple considers “inappropriate”. Jobs said it's OK for Apple to have this power because of course we can trust Apple.</p> </li> </ul> <h3 id="universal">Full id='universal'>Full control</h3> <ul> <li> <p>ChromeOS <ul class="blurbs"> <li id="M201902011"> <p>The FordPass Connect feature of some Ford vehicles has <a href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html"> near-complete access to the internal car network</a>. It is constantly connected to the cellular phone network and sends Ford a universal back door. At least, Google says it does—in lot of data, including car location. This feature operates even when the ignition key is removed, and users report that they can't disable it.</p> <p>If you own one of these cars, have you succeeded in breaking the connectivity by disconnecting the cellular modem, or wrapping the antenna in aluminum foil?</p> </li> <li id="M201812300"> <p>New GM cars <a href="https://www.google.com/intl/en/chromebook/termsofservice.html"> section 4 href="https://media.gm.com/media/us/en/gmc/vehicles/canyon/2019.html"> offer the feature of a universal back door</a>.</p> <p>Every nonfree program offers the EULA</a>.</p> user zero security against its developer. With this malfeature, GM has explicitly made things even worse.</p> </li> <li> <li id="M201711244"> <p>The Furby Connect has a <a href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect"> universal back door</a>. If the product as shipped doesn't act as a listening device, remote changes to the code could surely convert it into one.</p> </li> <li> <li id="M201711010"> <p>Sony has brought back its robotic pet Aibo, this time <a href="https://motherboard.vice.com/en_us/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet"> with a universal back door, and tethered to a server that requires a subscription</a>.</p> </li> <li> <li id="M201709090.1"> <p>Tesla cars have a used software to limit the part of the battery that was available to customers in some cars, and <a href="https://techcrunch.com/2017/09/09/tesla-flips-a-switch-to-increase-the-range-of-some-cars-in-florida-to-help-people-evacuate/"> a universal back door</a>.</p> door in the software</a> to temporarily increase this limit.</p> <p>While remotely allowing car “owners” to use the whole battery capacity did not do them any harm, the same back door would permit Tesla (perhaps under the command of some government) to remotely order the car to use none of its battery. Or perhaps to drive its passenger to a torture prison.</p> </li> <li> <li id="M201702060.1"> <p>Vizio “smart” TVs <a href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen"> have a universal back door</a>.</p> </li> <li> <p>The Amazon Echo appears to have a universal back door, since <a href="https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates"> it installs “updates” automatically</a>.</p> <p>We have found nothing explicitly documenting the lack of any way to disable remote changes to the software, so we are not completely sure there isn't one, but it seems pretty clear.</p> </li> <li> <li id="M201609130"> <p>Xiaomi phones come with <a href="https://www.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered"> href="https://web.archive.org/web/20190424082647/http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/"> a universal back door in the application processor, for Xiaomi's use</a>.</p> <p>This is separate from <a href="#universal-back-door-phone-modem">the universal back door in the modem processor that the local phone company can use</a>.</p> </li> <li> <p>Microsoft <li id="M201608171"> <p id="windows-update">Microsoft Windows has a universal back door through which <a href="https://web.archive.org/web/20071011010707/http://informationweek.com/news/showArticle.jhtml?articleID=201806263"> href="http://www.informationweek.com/microsoft-updates-windows-without-user-permission-apologizes/d/d-id/1059183"> any change whatsoever can be imposed on the users</a>.</p> <p>More information on when <p>This was <a href="http://slated.org/windows_by_stealth_the_updates_you_dont_want"> this was used</a>.</p> reported in 2007</a> for XP and Vista, and it seems that Microsoft used the same method to push the <a href="/proprietary/malware-microsoft.html#windows10-forcing"> Windows 10 downgrade</a> to computers running Windows 7 and 8.</p> <p>In Windows 10, the universal back door is no longer hidden; all “upgrades” will be <a href="http://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/"> forcibly and immediately imposed</a>.</p> </li> <li> <li id="M201606060"> <p>The Amazon Echo appears to have a universal back door, since <a href="https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates"> it installs “updates” automatically</a>.</p> <p>We have found nothing explicitly documenting the lack of any way to disable remote changes to the software, so we are not completely sure there isn't one, but this seems pretty clear.</p> </li> <li id="M201412180"> <p><a href="http://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor"> A Chinese version of Android has a universal back door</a>. Nearly all models of mobile phones have a <a href="#universal-back-door"> href="#universal-back-door-phone-modem"> universal back door in the modem chip</a>. So why did Coolpad bother to introduce another? Because this one is controlled by Coolpad.</p> </li> <li> <li id="M201311300"> <p><a href="http://www.techienews.co.uk/973462/bitcoin-miners-bundled-pups-legitimate-applications-backed-eula/"> Some applications come with MyFreeProxy, which is a universal back door door</a> that can download programs and run them.</a></p> them.</p> </li> <li id="M201202280"> <p>ChromeOS has a universal back door. At least, Google says it does—in <a href="https://www.google.com/intl/en/chromebook/termsofservice.html"> section 4 of the EULA</a>.</p> </li> <li id="M200700000.1"> <p>In addition to its <a href="#swindle-eraser">book eraser</a>, the Kindle-Swindle has a <a href="http://www.amazon.com/gp/help/customer/display.html?nodeId=200774090"> universal back door</a>.</p> </li> <li> <li id="M200612050"> <p id="universal-back-door">Almost id="universal-back-door-phone-modem">Almost every phone's communication processor has a universal back door which is <a href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html"> often used to make a phone transmit all conversations it hears</a>.</p> <p>The back door hears</a>. See <a href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone"> may take the form of bugs that have gone 20 years unfixed</a>. The choice to leave the security holes in place is morally equivalent to writing a back door.</p> <p>The back door is href="/proprietary/malware-mobiles.html#universal-back-door-phone-modem">Malware in the “modem processor”, whose job is to communicate with the radio network. In most phones, the modem processor controls the microphone. In most phones it has the power to rewrite the software Mobile Devices</a> for the main processor too.</p> <p>A few phone models are specially designed so that the modem processor does not control the microphone, and so that it can't change the software in the main processor. They still have the back door, but at least it is unable to turn the phone unto a listening device.</p> <p>The universal more info.</p> </li> </ul> <h3 id='other'>Other or undefined</h3> <ul class="blurbs"> <li id="M201711204"> <p>Intel's intentional “management engine” back door is apparently also used to make phones <a href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html"> transmit even when they are turned off</a>. This means their movements are tracked, and may also make the listening feature work.</p> </li> <li> <p>In addition to its <a href="#swindle-eraser">book eraser</a>, the Kindle-Swindle has a <a href="http://www.amazon.com/gp/help/customer/display.html?nodeId=200774090"> universal href="https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/"> unintended back door</a>.</p> doors</a> too.</p> </li> </ul> <h3 id="other">Other or undefined</h3> <ul> <li> <li id="M201609240"> <p>A Capcom's Street Fighter V update <a href="https://www.theregister.co.uk/2016/09/23/capcom_street_fighter_v/"> installed a driver that could be used as a back door by any application installed on a Windows computer</a>, but was <a href="https://www.rockpapershotgun.com/2016/09/24/street-fighter-v-removes-new-anti-crack"> immediately rolled back</a> in response to public outcry.</p> </li> <li> <p>ARRIS cable modem has a <a href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1"> back door in the back door</a>.</p> </li> <li> <li id="M201511260"> <p>Dell computers, shipped with Windows, had a bogus root certificate that <a href="http://fossforce.com/2015/11/dell-comcast-intel-who-knows-who-else-are-out-to-get-you/"> allowed anyone (not just Dell) to remotely authorize any software to run</a> on the computer.</p> </li> <li> <li id="M201511198"> <p>ARRIS cable modem has a <a href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1"> back door in the back door</a>.</p> </li> <li id="M201510200"> <p>“Self-encrypting” disk drives do the encryption with proprietary firmware so you can't trust it. Western Digital's “My Passport” drives <a href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption"> have a back door</a>.</p> </li> <li id="M201504090"> <p>Mac OS X had an <a href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/"> intentional local back door for 4 years</a>.</p> years</a>, which could be exploited by attackers to gain root privileges.</p> </li> <li> <li id="M201309110"> <p>Here is a big problem whose details are still secret: <a href="http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/"> The FBI asks lots of companies to put back doors in proprietary programs</a>. We don't know of specific cases where this was done, but every proprietary program for encryption is a possibility.</p> </li> <li> <p>German <li id="M201308230"> <p>The German government <a href="https://web.archive.org/web/20160310201616/http://drleonardcoldwell.com/2013/08/23/leaked-german-government-warns-key-entities-not-to-use-windows-8-linked-to-nsa/"> veers href="https://www.theregister.co.uk/2013/08/23/nsa_germany_windows_8/">veers away from Windows 8 computers with TPM 2.0 2.0</a> (<a href="https://www.zeit.de/digital/datenschutz/2013-08/trusted-computing-microsoft-windows-8-nsa">original article in German</a>), due to potential back door capabilities of the TPM 2.0 chip</a>.</p> chip.</p> </li> <li> <li id="M201307300"> <p>Here is a suspicion that we can't prove, but is worth thinking about: <a href="http://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI"> href="https://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI"> Writable microcode for Intel and AMD microprocessors</a> may be a vehicle for the NSA to invade computers, with the help of Microsoft, say respected security experts.</p> </li> <li> <li id="M201307114"> <p>HP “storage appliances” that use the proprietary “Left Hand” operating system have back doors that give HP <a href="https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/"> remote login access</a> to them. HP claims that this does not give HP access to the customer's data, but if the back door allows installation of software changes, a change could be installed that would give access to the customer's data.</p> </li> </ul> <p>The EFF has other examples of the <a href="https://www.eff.org/deeplinks/2015/02/who-really-owns-your-drones"> use of back doors</a>.</p> </div><!-- for id="content", starts in the include above --> <!--#include virtual="/server/footer.html" --> <div id="footer"> <div class="unprintable"> <p>Please send general FSF & GNU inquiries to <a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>. There are also <a href="/contact/">other ways to contact</a> the FSF. Broken links and other corrections or suggestions can be sent to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p> <p><!-- TRANSLATORS: Ignore the original text in this paragraph, replace it with the translation of these two: We work hard and do our best to provide accurate, good quality translations. However, we are not exempt from imperfection. Please send your comments and general suggestions in this regard to <a href="mailto:web-translators@gnu.org"> <web-translators@gnu.org></a>.</p> <p>For information on coordinating and submitting translations of our web pages, see <a href="/server/standards/README.translations.html">Translations README</a>. --> Please see the <a href="/server/standards/README.translations.html">Translations README</a> for information on coordinating and submitting translations of this article.</p> </div> <p>Copyright © 2014-2018 2014-2019 Free Software Foundation, Inc.</p> <p>This page is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>.</p> <!--#include virtual="/server/bottom-notes.html" --> <p class="unprintable">Updated: <!-- timestamp start --> $Date: 2019/06/11 12:01:40 $ <!-- timestamp end --> </p> </div> </div> </div><!-- for class="inner", starts in the banner include --> </body> </html>
...
-
http://www.gnu.org/savannah-checkouts/gnu/www/proprietary/po/proprietary-back-doors.de-diff.html
- [detail]
- [similar]
PREV
NEXT