/proprietary/proprietary-insecurity.html-diff
@mdate: 2019-05-18T08:29:45Z
<!--#include virtual="/server/header.html" --> <!-- Parent-Version: 1.84 1.86 --> <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please do not edit <ul class="blurbs">! Instead, edit /proprietary/workshop/mal.rec, then regenerate pages. See explanations in /proprietary/workshop/README.md. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> <title>Proprietary Insecurity - GNU Project - Free Software Foundation</title> <!--#include virtual="/proprietary/po/proprietary-insecurity.translist" --> <!--#include virtual="/server/banner.html" --> <h2>Proprietary Insecurity</h2> <a href="/proprietary/proprietary.html">Other examples of proprietary malware</a> <div class="comment"> <p>Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; <a href="/philosophy/free-software-even-more-important.html">that is the basic injustice</a>. The developers often exercise that power to the detriment of the users they ought to serve.</p> <p>This page lists clearly established cases of insecurity in proprietary software that has grave consequences or is otherwise noteworthy.</p> <p>It is incorrect to compare free software with a fictitious idea of proprietary software as perfect, but the press often implicitly does that whenever a security hole in a free program is discovered. The examples below show that proprietary software isn't perfect, and is often quite sloppy.</p> <p>It would be equally incorrect to compare proprietary software with a fictitious idea of free software as perfect. Every nontrivial program has bugs, and any system, free or proprietary, may have security errors. flaws. To err is human, and not culpable. But proprietary software developers frequently disregard gaping holes, or even introduce them deliberately. 
In any case, they keep users <em>helpless to fix any security problems that arise</em>. Keeping the users helpless is what's culpable about proprietary software.</p> <ul> <li id="break-security-smarttv"> <p><a href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html"> Crackers found a way <p>This page lists clearly established cases of insecurity in proprietary software that has grave consequences or is otherwise noteworthy.</p> <div class="important"> <p>If you know of an example that ought to break security on a “smart” TV</a> and use its camera be in this page but isn't here, please write to watch <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a> to inform us. Please include the people who are watching TV.</p> </li> <li> <p>Many models URL of Internet-connected cameras <a href="/proprietary/proprietary-back-doors.html#InternetCameraBackDoor"> have backdoors</a>.</p> <p>That is a malicious functionality, but trustworthy reference or two to serve as specific substantiation.</p> </div> </div> <div class="column-limit" id="proprietary-insecurity"></div> <ul class="blurbs"> <li id="M201905150"> <p>Users caught in addition it is a gross insecurity since anyone, including malicious crackers, the jail of an iMonster are <a href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">can find href="https://boingboing.net/2019/05/15/brittle-security.html"> sitting ducks for other attackers</a>, and the app censorship prevents security companies from figuring out how those accounts attacks work.</p> <p>Apple's censorship of apps is fundamentally unjust, and use them would be inexcusable even if it didn't lead to get into users' cameras</a>.</p> security threats as well.</p> </li> <li> <p> Conexant HD Audio Driver Package (version 1.0.0.46 and earlier) pre-installed on 28 <li id="M201903210"> <p>The 
Medtronics Conexus Telemetry Protocol has <a href="http://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/"> two vulnerabilities that affect several models of HP laptops logged implantable defibrillators</a> and the user's keystroke to a file devices they connect to.</p> <p>This protocol has been around since 2006, and similar vulnerabilities were discovered in an earlier Medtronics communication protocol in 2008. Apparently, nothing was done by the filesystem. Any process with access company to correct them. This means you can't rely on proprietary software developers to fix bugs in their products.</p> </li> <li id="M201902270"> <p>The Ring (now Amazon) doorbell camera is designed so that the filesystem or manufacturer (now Amazon) can watch all the MapViewOfFile API could gain access time. Now it turns out that <a href="https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/"> anyone else can also watch, and fake videos too</a>.</p> <p>The third party vulnerability is presumably unintentional and I suppose Amazon will fix it. I do not expect Amazon to change the log. Furthermore, design that <a href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt">according href="/proprietary/proprietary-surveillance.html#M201901100">allows Amazon to modzero</a> the “information-leak via Covert Storage Channel enables malware authors watch</a>.</p> </li> <li id="M201809240"> <p>Researchers have discovered how to capture keystrokes without taking <a href="http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co"> hide voice commands in other audio</a>, so that people cannot hear them, but Alexa and Siri can.</p> </li> <li id="M201808120"> <p>Crackers found a way to break the risk security of being classified an Amazon device, and <a href="https://boingboing.net/2018/08/12/alexa-bob-carol.html"> turn it into a listening device</a> for them.</p> <p>It was very difficult for them to do this. 
The job would be much easier for Amazon. And if some government such as malicious task by AV heuristics”. </p> </li> <li> <p>The proprietary code China or the US told Amazon to do this, or cease to sell the product in that runs pacemakers, insulin pumps, country, do you think Amazon would have the moral fiber to say no?</p> <p>These crackers are probably hackers too, but please <a href="https://stallman.org/articles/on-hacking.html"> don't use “hacking” to mean “breaking security”</a>.</p> </li> <li id="M201807100"> <p>Siri, Alexa, and all the other medical devices voice-control systems can be <a href="https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa"> hijacked by programs that play commands in ultrasound that humans can't hear</a>.</p> </li> <li id="M201807020"> <p>Some Samsung phones randomly <a href="https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages">send photos to people in the owner's contact list</a>.</p> </li> <li id="M201712240"> <p>One of the dangers of the “internet of stings” is that, if you lose your internet service, you also <a href="http://www.bbc.co.uk/news/technology-40042584"> full href="https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/"> lose control of gross your house and appliances</a>.</p> <p>For your safety, don't use any appliance with a connection to the real internet.</p> </li> <li id="M201711204"> <p>Intel's intentional “management engine” back door has <a href="https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/"> unintended back doors</a> too.</p> </li> <li id="M201711200"> <p>Amazon recently invited consumers to be suckers and <a href="https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo"> allow delivery staff to open their front doors</a>. 
Wouldn't you know it, the system has a grave security faults</a>.</p> flaw.</p> </li> <li> <p>Exploits of bugs <li id="M201709290"> <p>Bad security in Windows, which were developed by some cars makes it possible to <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937"> remotely activate the NSA airbags</a>.</p> </li> <li id="M201709200"> <p>A “smart” intravenous pump designed for hospitals is connected to the internet. Naturally <a href="https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml"> its security has been cracked</a>.</p> <p>Note that this article misuses the term <a href="/philosophy/words-to-avoid.html#Hacker">“hackers”</a> referring to crackers.</p> </li> <li id="M201708280"> <p>The bad security in many Internet of Stings devices allows <a href="https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml">ISPs to snoop on the people that use them</a>.</p> <p>Don't be a sucker—reject all the stings.</p> <p>It is unfortunate that the article uses the term <a href="/philosophy/words-to-avoid.html#Monetize">“monetize”</a>.</p> </li> <li id="M201706200.1"> <p>Many models of Internet-connected cameras <a href="/proprietary/proprietary-back-doors.html#InternetCameraBackDoor"> have backdoors</a>.</p> <p>That is a malicious functionality, but in addition it is a gross insecurity since anyone, including malicious crackers, <a href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">can find those accounts and then leaked by the Shadowbrokers group, are now being used use them to <a href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">attack a great number of Windows computers with ransomware</a>. 
</p> get into users' cameras</a>.</p> </li> <li id="intel-me-10-year-vulnerability"> <p>Intel's id="M201706050"> <p id="intel-me-10-year-vulnerability">Intel's CPU backdoor—the Intel Management Engine—had a <a href="https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/">major security vulnerability for 10 years</a>.</p> <p>The vulnerability allowed a cracker to access the computer's Intel Active Management Technology (AMT) <a href="https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/"> web interface with an empty password and gave administrative access</a> to access the computer's keyboard, mouse, monitor among other privileges.</p> <p>It does not help that in newer Intel processors, it is impossible to turn off the Intel Management Engine. Thus, even users who are proactive about their security can do nothing to protect themselves besides using machines that don't come with the backdoor.</p> </li> <li> <li id="M201705250"> <p>The proprietary code that runs pacemakers, insulin pumps, and other medical devices is <a href="http://www.bbc.co.uk/news/technology-40042584"> full of gross security faults</a>.</p> </li> <li id="M201705160"> <p>Conexant HD Audio Driver Package (version 1.0.0.46 and earlier) pre-installed on 28 models of HP laptops logged the user's keystroke to a file in the filesystem. Any process with access to the filesystem or the MapViewOfFile API could gain access to the log. 
Furthermore, <a href="https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt">according to modzero</a> the “information-leak via Covert Storage Channel enables malware authors to capture keystrokes without taking the risk of being classified as malicious task by AV heuristics”.</p> </li> <li id="M201705120"> <p>Exploits of bugs in Windows, which were developed by the NSA and then leaked by the Shadowbrokers group, are now being used to <a href="https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/">attack a great number of Windows computers with ransomware</a>.</p> </li> <li id="M201704050"> <p>Many Android devices <a href="https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/"> can be hijacked through their Wi-Fi chips</a> because of a bug in Broadcom's non-free firmware.</p> </li> <li> <li id="M201703270"> <p>When Miele's Internet of Stings hospital disinfectant dishwasher is <a href="https://motherboard.vice.com/en_us/article/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit">connected <a href="https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit"> connected to the Internet, its security is crap</a>.</p> <p>For example, a cracker can gain access to the dishwasher's filesystem, infect it with malware, and force the dishwasher to launch attacks on other devices in the network. 
Since these dishwashers are used in hospitals, such attacks could potentially put hundreds of lives at risk.</p> </li> <li id="M201702200"> <p>If you buy a used “smart” car, house, TV, refrigerator, etc., usually <a href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the previous owners can still remotely control it</a>.</p> </li> <li id="M201702170"> <p>The mobile apps for communicating <a href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">with a smart but foolish car have very bad security</a>.</p> <p>This is in addition to the Internet, its security is crap</a>.</p> <p>For example, fact that the car contains a cracker can gain access to cellular modem that tells big brother all the dishwasher's filesystem, infect time where it with malware, and force is. If you own such a car, it would be wise to disconnect the dishwasher modem so as to launch attacks on other devices in turn off the network. Since these dishwashers tracking.</p> </li> <li id="M201701271"> <p>A cracker would be able to <a href="https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/"> turn the Oculus Rift sensors into spy cameras</a> after breaking into the computer they are used in hospitals, such attacks could potentially put hundreds of lives at risk.</p> connected to.</p> <p>Unfortunately, the article <a href="/philosophy/words-to-avoid.html#Hacker">improperly refers to crackers as “hackers”</a>.</p> </li> <li id="M201701270"> <p>Samsung phones <a href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">have a security hole that allows an SMS message to install ransomware</a>.</p> </li> <li><p>WhatsApp <li id="M201701130"> <p>WhatsApp has a feature that <a href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/"> has been described as a “back door”</a> because it would enable 
governments to nullify its encryption.</p> <p>The developers say that it wasn't intended as a back door, and that may well be true. But that leaves the crucial question of whether it functions as one. Because the program is nonfree, we cannot check by studying it.</p></li> <li> it.</p> </li> <li id="M201612060.1"> <p>The “smart” toys My Friend Cayla and i-Que can be <a href="https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws">remotely controlled with a mobile phone</a>; physical access is not necessary. This would enable crackers to listen in on a child's conversations, and even speak into the toys themselves.</p> <p>This means a burglar could speak into the toys and ask the child to unlock the front door while Mommy's not looking.</p> </li> <li> <p>The mobile apps for communicating <a href="https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/">with a smart but foolish car have very bad security</a>.</p> <p>This is in addition to the fact that the car contains a cellular modem that tells big brother all the time where it is. If you own such a car, it would be wise to disconnect the modem so as to turn off the tracking.</p> </li> <li> <p>If you buy a used “smart” car, house, TV, refrigerator, etc., usually <a href="http://boingboing.net/2017/02/20/the-previous-owners-of-used.html">the previous owners can still remotely control it</a>.</p> </li> <li> <p>Samsung phones <a href="https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/">have a security hole that allows an SMS message to install ransomeware</a>.</p> </li> <li> <li id="M201610230"> <p>4G LTE phone networks are drastically insecure. 
They can be <a href="https://web.archive.org/web/20161027223907/http://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/"> href="https://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/"> taken over by third parties and used for man-in-the-middle attacks</a>.</p> </li> <li> <li id="M201608110"> <p>Due to weak security, <a href="http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844">it is easy to open the doors of 100 million cars built by Volkswagen</a>.</p> </li> <li> <li id="M201608080"> <p>Ransomware <a href="https://www.pentestpartners.com/blog/thermostat-ransomware-a-lesson-in-iot-security/">has href="https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/"> has been developed for a thermostat that uses proprietary software</a>.</p> </li> <li> <li id="M201608020"> <p>A <a href="http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/">flaw in Internet Explorer and Edge</a> allows an attacker to retrieve Microsoft account credentials, if the user is tricked into visiting a malicious link.</p> </li> <li> <li id="M201607290"> <p><a href="https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/">“Deleted” WhatsApp messages are not entirely deleted</a>. They can be recovered in various ways. 
</p> ways.</p> </li> <li> <li id="M201607220"> <p>A vulnerability in Apple's Image I/O API allowed an attacker to <a href="https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple">execute malacious malicious code from any application which uses this API to render a certain kind of image file</a>.</p> </li> <li> <li id="M201607190"> <p>A bug in a proprietary ASN.1 library, used in cell phone towers as well as cell phones and routers, <a href="http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover">allows taking control of those systems</a>.</p> </li> <li> <li id="M201606290"> <p>Antivirus programs have so many errors that <a href="https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374">they may make security worse</a>.</p> <p>GNU/Linux does not need antivirus software.</p> </li> <li> <p>Over 70 brands of network-connected surveillance cameras <a href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html">have security bugs that allow anyone to watch through them</a>.</p> make security worse</a>.</p> <p>GNU/Linux does not need antivirus software.</p> </li> <li> <p> Samsung's <li id="M201605020"> <p>Samsung's “Smart Home” has a big security hole; <a href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/">unauthorized href="http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/"> unauthorized people can remotely control it</a>.</p> <p>Samsung claims that this is an “open” platform so the problem is partly the fault of app developers. 
That is clearly true if the apps are proprietary software.</p> <p>Anything whose name is “Smart” is most likely going to screw you.</p> </li> <li> <p> The <li id="M201604120"> <p>A bug in the iThings Messages app <a href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/">allowed a malicious web site to extract all the user's messaging history</a>.</p> </li> <li id="M201604110"> <p>Malware was found on <a href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html"> security cameras available through Amazon</a>.</p> <p>A camera that records locally on physical media, and has no network connection, does not threaten people with surveillance—neither by watching people through the camera, nor through malware in the camera.</p> </li> <li id="M201603220"> <p>Over 70 brands of network-connected surveillance cameras have <a href="http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html"> security bugs that allow anyone to watch through them</a>.</p> </li> <li id="M201603100"> <p>Many proprietary payment apps <a href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">transmit personal data in an insecure way</a>. However, the worse aspect of these apps is that <a href="/philosophy/surveillance-vs-democracy.html">payment is not anonymous</a>.</p> </li> <li id="M201602240"> <p id="nissan-modem">The Nissan Leaf has a built-in cell phone modem which allows effectively anyone to <a href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/">to href="https://www.troyhunt.com/controlling-vehicle-features-of-nissan/"> access its computers remotely and make changes in various settings</a>.</p> <p>That's easy to do because the system has no authentication when accessed through the modem. 
However, even if it asked for authentication, you couldn't be confident that Nissan has no access. The software in the car is proprietary, <a href="/philosophy/free-software-even-more-important.html">which means it demands blind faith from its users</a>.</p> <p>Even if no one connects to the car remotely, the cell phone modem enables the phone company to track the car's movements all the time; it is possible to physically remove the cell phone modem modem, though.</p> </li> <li> <p> Malware found on <a href="http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html">security cameras available through Amazon</a>. </p> <p>A camera that records locally on physical media, and has no network connection, does not threaten people with surveillance—neither by watching people through the camera, nor through malware in the camera. </p> </li> <li> <p>A bug in the iThings Messages app <a href="https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/">allowed a malicious web site to extract all the user's messaging history</a>. </p> </li> <li> <p>Many proprietary payment apps <a href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data"> transmit personal data in an insecure way</a>. However, the worse aspect of these apps is that <a href="/philosophy/surveillance-vs-democracy.html">payment is not anonymous</a>. 
</p> </li> <li> <p> FitBit <li id="M201510210"> <p>FitBit fitness trackers <a href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/"> have a <a href="http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/"> Bluetooth vulnerability</a> that allows attackers to send malware to the devices, which can subsequently spread to computers and other FitBit trackers that interact with them. </p> them.</p> </li> <li> <p> “Self-encrypting” <li id="M201510200"> <p>“Self-encrypting” disk drives do the encryption with proprietary firmware so you can't trust it. Western Digital's “My Passport” drives <a href="https://motherboard.vice.com/en_uk/read/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">have a back door</a>. </p> </li> <li> <p> Mac OS X had an <a href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/"> intentional local back door for 4 years</a>, which could be exploited by attackers to gain root privileges. </p> Western Digital's “My Passport” drives <a href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption"> have a back door</a>.</p> </li> <li> <li id="M201508120"> <p>Security researchers discovered a <a href="http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text"> vulnerability in diagnostic dongles used for vehicle tracking and insurance</a> that let them take remote control of a car or lorry using an SMS. 
</p> SMS.</p> </li> <li> <p> Crackers <li id="M201507214"> <p>Crackers were able to <a href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/">take href="http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/"> take remote control of the Jeep</a> “connected car”. <br/>They They could track the car, start or stop the engine, and activate or deactivate the brakes, and more. </p> <p> I more.</p> <p>I expect that Chrysler and the NSA can do this too. </p> <p> If too.</p> <p>If I ever own a car, and it contains a portable phone, I will deactivate that. </p> </li> <li> <p> Hospira infusion pumps, which are used to administer drugs to a patient, were rated “<a href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least secure IP device I've ever seen</a>” by a security researcher. </p> <p> Depending on what drug is being infused, the insecurity could open the door to murder. </p> that.</p> </li> <li> <p> Due <li id="M201506080"> <p>Due to bad security in a drug pump, crackers could use it to <a href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/">kill patients</a>. </p> </li> <li> <p> <a href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html"> The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry</a>. While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. There are <a href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone"> lots of bugs in the phones' radio software</a>. 
</p> </li> <li> <p><a href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/"> “Smart homes”</a> turn out to be stupidly vulnerable to intrusion.</p> </li> <li> <p>The <a href="http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">insecurity of WhatsApp</a> makes eavesdropping a snap.</p> </li> <li> <p><a href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html"> The FTC punished a company for making webcams with bad security so that it was easy for anyone to watch them</a>. </p> </li> <li> <p><a href="http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/"> It is possible to take control of some car computers through malware in music files</a>. Also <a href="http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0">by radio</a>. Here is <a href="http://www.autosec.org/faq.html">more information</a>. </p> </li> <li> <p><a href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/"> It is possible to href="http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/"> kill people by taking control of medical implants by radio</a>. Here is <a href="http://www.bbc.co.uk/news/technology-17631838">more information</a>. And <a href="http://blog.ioactive.com/2013/02/broken-hearts-how-plausible-was.html">here</a>. </p> patients</a>.</p> </li> <li> <p>Lots of <a href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/">hospital equipment has lousy security</a>, <li id="M201505294"> <p><a href="http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html"> Many smartphone apps use insecure authentication methods when storing your personal data on remote servers</a>. This leaves personal information like email addresses, passwords, and health information vulnerable. 
Because many of these apps are proprietary it can be fatal. </p> makes it hard to impossible to know which apps are at risk.</p> </li> <li> <p><a href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/"> Point-of-sale terminals running Windows <li id="M201505050"> <p>Hospira infusion pumps, which are used to administer drugs to a patient, were taken over and turned into rated “<a href="https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/">least secure IP device I've ever seen</a>” by a botnet for security researcher.</p> <p>Depending on what drug is being infused, the purpose of collecting customers' credit card numbers</a>. </p> insecurity could open the door to murder.</p> </li> <li id="M201504090"> <p>Mac OS X had an <a href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/"> intentional local back door for 4 years</a>, which could be exploited by attackers to gain root privileges.</p> </li> <li> <li id="M201405190"> <p>An app to prevent “identity theft” (access to personal data) by storing users' data on a special server <a href="http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/">was deactivated by its developer</a> which had discovered a security flaw. </p> <p> That flaw.</p> <p>That developer seems to be conscientious about protecting personal data from third parties in general, but it can't protect that data from the state. Quite the contrary: confiding your data to someone else's server, if not first encrypted by you with free software, undermines your rights. 
</p> rights.</p> </li> <li id="M201404250"> <p>Lots of <a href="http://www.wired.com/2014/04/hospital-equipment-vulnerable/"> hospital equipment has lousy security</a>, and it can be fatal.</p> </li> <li id="M201402210"> <p>The <a href="http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/">insecurity of WhatsApp</a> makes eavesdropping a snap.</p> </li> <li id="M201312290"> <p><a href="http://www.bunniestudios.com/blog/?p=3554"> Some flash memories have modifiable software</a>, which makes them vulnerable to viruses.</p> <p>We don't call this a “back door” because it is normal that you can install a new system in a computer, given physical access to it. However, memory sticks and cards should not be modifiable in this way.</p> </li> <li id="M201312040"> <p><a href="http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/"> Point-of-sale terminals running Windows were taken over</a> and turned into a botnet for the purpose of collecting customers' credit card numbers.</p> </li> <li id="M201311120"> <p><a href="https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html"> The NSA can tap data in smart phones, including iPhones, Android, and BlackBerry</a>. While there is not much detail here, it seems that this does not operate via the universal back door that we know nearly all portable phones have. It may involve exploiting various bugs. 
There are <a href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone"> lots of bugs in the phones' radio software</a>.</p> </li>
<li id="M201309054"> <p><a href="http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security">The NSA has put back doors into nonfree encryption software</a>. We don't know which ones they are, but we can be sure they include some widely used systems. This reinforces the point that you can never trust the security of nonfree software.</p> </li>
<li id="M201309050"> <p>The FTC punished a company for making webcams with <a href="http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html"> bad security so that it was easy for anyone to watch through them</a>.</p> </li>
<li id="M201308060"> <p><a href="http://spritesmods.com/?art=hddhack&page=6"> Replaceable nonfree software in disk drives can be written by a nonfree program</a>. This makes any system vulnerable to persistent attacks that normal forensics won't detect.</p> </li>
<li id="M201307270"> <p> It is possible to <a href="http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/"> kill people by taking control of medical implants by radio</a>.
More information in <a href="http://www.bbc.co.uk/news/technology-17631838">BBC News</a> and <a href="https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/"> IOActive Labs Research blog</a>.</p> </li>
<li id="M201307260"> <p><a href="http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/"> “Smart homes”</a> turn out to be stupidly vulnerable to intrusion.</p> </li>
<li id="M201212170"> <p id="break-security-smarttv"><a href="http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html"> Crackers found a way to break security on a “smart” TV</a> and use its camera to watch the people who are watching TV.</p> </li>
<li id="M201103110"> <p>It is possible to <a href="http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/"> take control of some car computers through malware in music files</a>. Also <a href="http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0"> by radio</a>. More information in <a href="http://www.autosec.org/faq.html"> Automotive Security And Privacy Center</a>.</p> </li> </ul> </div><!-- for id="content", starts in the include above -->
<!--#include virtual="/server/footer.html" --> <div id="footer"> <div class="unprintable"> <p>Please send general FSF &amp; GNU inquiries to <a href="mailto:gnu@gnu.org">&lt;gnu@gnu.org&gt;</a>. There are also <a href="/contact/">other ways to contact</a> the FSF. Broken links and other corrections or suggestions can be sent to <a href="mailto:webmasters@gnu.org">&lt;webmasters@gnu.org&gt;</a>.</p>
<p><!-- TRANSLATORS: Ignore the original text in this paragraph, replace it with the translation of these two: We work hard and do our best to provide accurate, good quality translations.
However, we are not exempt from imperfection. Please send your comments and general suggestions in this regard to <a href="mailto:web-translators@gnu.org"> &lt;web-translators@gnu.org&gt;</a>.</p> <p>For information on coordinating and submitting translations of our web pages, see <a href="/server/standards/README.translations.html">Translations README</a>. --> Please see the <a href="/server/standards/README.translations.html">Translations README</a> for information on coordinating and submitting translations of this article.</p> </div>
<!-- Regarding copyright, in general, standalone pages (as opposed to files generated as part of manuals) on the GNU web server should be under CC BY-ND 4.0. Please do NOT change or remove this without talking with the webmasters or licensing team first. Please make sure the copyright date is consistent with the document. For web pages, it is ok to list just the latest year the document was modified, or published. If you wish to list earlier years, that is ok too. Either "2001, 2002, 2003" or "2001-2003" are ok for specifying years, as long as each year in the range is in fact a copyrightable year, i.e., a year in which the document was published (including being publicly visible on the web or in a revision control system). There is more detail about copyright years in the GNU Maintainers Information document, www.gnu.org/prep/maintain. -->
<p>Copyright © 2013, 2015, 2016, 2017, 2018, 2019 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license" href="http://creativecommons.org/licenses/by/4.0/">Creative Commons Attribution 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" --> <p class="unprintable">Updated: <!-- timestamp start --> $Date: 2019/05/18 08:29:45 $ <!-- timestamp end --> </p> </div> </div> </div><!-- for class="inner", starts in the banner include --> </body> </html>
http://www.gnu.org/savannah-checkouts/gnu/www/proprietary/po/proprietary-insecurity.it-diff.html