<!--#include virtual="/server/header.html" --> <!-- Parent-Version:1.831.96 --> <!--#set var="DISABLE_TOP_ADDENDUM" value="yes" --> <!-- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Please do not edit <ul class="blurbs">! Instead, edit /proprietary/workshop/mal.rec, then regenerate pages. See explanations in /proprietary/workshop/README.md. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ --> <title>Proprietary Back Doors - GNU Project - Free Software Foundation</title> <link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" /> <!--#include virtual="/proprietary/po/proprietary-back-doors.translist" --> <!--#include virtual="/server/banner.html" --> <div class="nav"> <a id="side-menu-button" class="switch" href="#navlinks"> <img id="side-menu-icon" height="32" src="/graphics/icons/side-menu.png" title="Section contents" alt=" [Section contents] " /> </a> <p class="breadcrumb"> <a href="/"><img src="/graphics/icons/home.png" height="24" alt="GNU Home" title="GNU Home" /></a> / <a href="/proprietary/proprietary.html">Malware</a> / By type / </p> </div> <!--GNUN: OUT-OF-DATE NOTICE--> <!--#include virtual="/server/top-addendum.html" --> <div style="clear: both"></div> <div id="last-div" class="reduced-width"> <h2>Proprietary Back Doors</h2><p><a href="/proprietary/proprietary.html">Other examples of proprietary malware</a></p><div class="infobox"> <hr class="full-width" /> <p>Nonfree (proprietary) software is very often malware (designed to mistreat the user). Nonfree software is controlled by its developers, which puts them in a position of power over the users; <a href="/philosophy/free-software-even-more-important.html">that is the basic injustice</a>. The developers and manufacturers often exercise that power to the detriment of the users they ought to serve.</p><p>Here<p>This typically takes the form of malicious functionalities.</p> <hr class="full-width" /> </div> <div class="article"> <p>Some malicious functionalities are mediated by <a href="/proprietary/proprietary.html#f1">back doors</a>. Here are examples ofdemonstratedprograms that contain one or several of those, classified according to what the back door is known to have the power to do. Back doors that allow full control over the programs which contain them are said to be “universal.”</p> <div class="important"> <p>If you know of an example that ought to be inproprietary software.</p> <!-- WEBMASTERS: make surethis page but isn't here, please write toplace new items<a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a> to inform us. Please include the URL of a trustworthy reference or two to serve as specific substantiation.</p> </div> <div id="TOC" class="toc-inline"> <h3>Back-door functionalities</h3> <ul> <li><a href="#spy">Spying</a></li> <li><a href="#alter-data">Altering user's data or settings</a></li> <li><a href="#install-delete">Installing, deleting or disabling programs</a></li> <li><a href="#universal">Full control</a></li> <li><a href="#other">Other/undefined</a></li> </ul> </div> <h3 id='spy'>Spying</h3> <ul class="blurbs"> <li id="M202008030"> <!--#set var="DATE" value='<small class="date-tag">2020-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google Nest <a href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/"> is taking over ADT</a>. Google sent out a software update to its speaker devices using their back door <a href="https://www.protocol.com/google-smart-speaker-alarm-adt"> that listens for things like smoke alarms</a> and then notifies your phone that an alarm is happening. This means the devices now listen for more than just their wake words. Google says the software update was sent out prematurely and ontop under each subsectionaccident and Google was planning on disclosing this new feature and offering it to customers who pay for it.</p> </li> <li id="M201706200.2"> <!--#set var="DATE" value='<small class="date-tag">2017-06</small>' --><!--#echo encoding="none" var="DATE" --><ul> <li><p id="InternetCameraBackDoor">Many models of Internet-connected cameras contain a glaringbackdoor—theyback door—they have login accounts with hard-coded passwords, which can't be changed, and <ahref="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">href="https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/"> there is no way to delete these accountseither</a>. </p>either</a>.</p> <p>Since these accounts with hard-coded passwords are impossible to delete, this problem is not merely an insecurity; it amounts to abackdoorback door that can be used by the manufacturer (and government) to spy on users.</p> </li><li> <p>Vizio “smart” TVs<li id="M201701130"> <!--#set var="DATE" value='<small class="date-tag">2017-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>WhatsApp has a feature that <ahref="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">havehref="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/"> has been described as auniversal back door</a>.</p> </li> <li><p>The Amazon Echo appears“back door”</a> because it would enable governments tohavenullify its encryption.</p> <p>The developers say that it wasn't intended as auniversalback door,since <a href="https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates"> it installs “updates” automatically</a>.</p> <p>We have found nothing explicitly documentingand that may well be true. But that leaves thelackcrucial question ofany way to disable remote changes towhether it functions as one. Because thesoftware, soprogram is nonfree, weare not completely sure there isn't one, but it seems pretty clear.</p>cannot check by studying it.</p> </li> <liid="chrome-erase-addons"><p>Chromeid="M201512280"> <!--#set var="DATE" value='<small class="date-tag">2015-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft hasa back door<ahref="https://consumerist.com/2017/01/18/why-is-google-blocking-this-ad-blocker-on-chrome/">for remote erasure of add-ons</a>.</p>href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/"> backdoored its disk encryption</a>.</p> </li><li> <p>WhatsApp<li id="M201409220"> <!--#set var="DATE" value='<small class="date-tag">2014-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Apple can, and regularly does, <a href="https://arstechnica.com/gadgets/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/"> remotely extract some data from iPhones for the state</a>.</p> <p>This may have improved with <ahref="https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages">hashref="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/"> iOS 8 security improvements</a>; but <a href="https://theintercept.com/2014/09/22/apple-data/"> not as much as Apple claims</a>.</p> </li> </ul> <h3 id='alter-data'>Altering user's data or settings</h3> <ul class="blurbs"> <li id="M202109220"> <!--#set var="DATE" value='<small class="date-tag">2021-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Some Xiaomi phones <a href="https://www.theguardian.com/world/2021/sep/22/lithuania-tells-citizens-to-throw-out-chinese-phones-over-censorship-concerns">have a malfeature to bleep out phrases that express political views China does not like</a>. In phones sold in Europe, Xiaomi leaves this deactivated by default, but has a back door to activate the censorship.</p> <p>This is the natural result of having nonfree software in a device that can communicate with the companycan usethat made it.</p> </li> <li id="M201905060"> <!--#set var="DATE" value='<small class="date-tag">2019-05</small>' --><!--#echo encoding="none" var="DATE" --> <p>BlizzCon 2019 imposed a <a href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/"> requirement toreadrun a proprietary phone app</a> to be allowed into theplaintext of messages</a>.</p>event.</p> <p>Thisshould not come asapp is asurprise. Nonfree softwarespyware that can snoop on a lot of sensitive data, including user's location and contact list, and has <a href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/"> near-complete control</a> over the phone.</p> </li> <li id="M201809140"> <!--#set var="DATE" value='<small class="date-tag">2018-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Android has a <a href="https://www.theverge.com/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change"> back door forencryption is never trustworthy.</p>remotely changing “user” settings</a>.</p> <p>The article suggests it might be a universal back door, but this isn't clear.</p> </li> <li id="M201607284"> <!--#set var="DATE" value='<small class="date-tag">2016-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Dropbox app for Macintosh <a href="https://web.archive.org/web/20180124123506/http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/"> takes control of user interface items after luring the user into entering an admin password</a>.</p> </li><li><p>A<li id="M201604250"> <!--#set var="DATE" value='<small class="date-tag">2016-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>A pregnancy test controller application not only can <ahref="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">spyhref="https://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security"> spy on many sorts of data in the phone, and in server accounts, it can alter them too</a>.</p> </li><li> <p>Xiaomi phones come with <a href="https://www.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered">a universal<li id="M201512074"> <!--#set var="DATE" value='<small class="date-tag">2015-12</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="https://www.computerworld.com/article/2705284/backdoor-found-in-d-link-router-firmware-code.html"> Some D-Link routers</a> have a back doorin the application processor,forXiaomi's use</a>.</p> <p>This is separate from <a href="#universal-back-door-phone-modem">the universal back doorchanging settings inthe modem processor that the local phone company can use</a>.</p> </li> <li><p>Capcom's Street Fighter V update <a href="https://web.archive.org/web/20160930051146/http://www.theregister.co.uk/2016/09/23/capcom_street_fighter_v/">installedadriver that can be used as a backdoor by any application installed ondlink of an eye.</p> <p><a href="https://sekurak.pl/tp-link-httptftp-backdoor/"> The TP-Link router has aWindows computer</a>.</p>back door</a>.</p> <p><a href="https://github.com/elvanderb/TCP-32764">Many models of routers have back doors</a>.</p> </li><li><p>The Dropbox app for Macintosh<li id="M201511244"> <!--#set var="DATE" value='<small class="date-tag">2015-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Google has long had <ahref="http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/">takes total control of the machine by repeatedly nagging the user forhref="https://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted">a back door to remotely unlock anadmini password</a>.</p>Android device</a>, unless its disk is encrypted (possible since Android 5.0 Lollipop, but still not quite the default).</p> </li> <liid="universal-back-door-phone-modem"><p>The universalid="M201511194"> <!--#set var="DATE" value='<small class="date-tag">2015-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Caterpillar vehicles come with <a href="https://web.archive.org/web/20201108113943/https://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it"> a back doorin portable phones <a href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">is employedtolisten through their microphones</a>.</p> <p>More about <a href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">the nature of this problem</a>.</p>shutoff the engine</a> remotely.</p> </li><li><p><a href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/"> Microsoft has already backdoored its disk encryption</a>.</p></li> <li><p>Modern<li id="M201509160"> <!--#set var="DATE" value='<small class="date-tag">2015-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Modern gratis game cr…apps <ahref="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">href="https://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/"> collect a wide range of data about their users and their users' friends and associates</a>.</p> <p>Even nastier, they do it through ad networks that merge the data collected by various cr…apps and sites made by different companies.</p> <p>They use this data to manipulate people to buy things, and hunt for “whales” who can be led to spend a lot of money. They also use a back door to manipulate the game play for specific players.</p> <p>While the article describes gratis games, games that cost money can use the same tactics.</p> </li><li> <p>Dell computers, shipped<li id="M201403120.1"> <!--#set var="DATE" value='<small class="date-tag">2014-03</small>' --><!--#echo encoding="none" var="DATE" --> <p id="samsung"><a href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor"> Samsung Galaxy devices running proprietary Android versions come withWindows, hadabogus root certificateback door</a> that<a href="http://fossforce.com/2015/11/dell-comcast-intel-who-knows-who-else-are-out-to-get-you/">allowed anyone (not just Dell) to remotely authorize any softwareprovides remote access torun</a>the files stored on thecomputer.</p>device.</p> </li><li> <p>Baidu's proprietary Android library, Moplus,<li id="M201210220"> <!--#set var="DATE" value='<small class="date-tag">2012-10</small>' --><!--#echo encoding="none" var="DATE" --> <p id="swindle-eraser">The Amazon Kindle-Swindle has a back door that<a href="https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made">can “upload files” as well as forcibly install apps</a>.</p> <p>It is used by 14,000 Android applications.</p> </li> <li><p>ARRIS cable modemhasabeen used to <ahref="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1"> backdoor inhref="https://web.archive.org/web/20220319193415/https://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/"> remotely erase books</a>. One of thebackdoor</a>.</p> </li> <li><p>Caterpillar vehicles come with <a href="http://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it">a back-doorbooks erased was <cite>1984</cite>, by George Orwell.</p> <p>Amazon responded toshutoffcriticism by saying it would delete books only following orders from theengine</a> remotely.</p> </li> <li><p> Mac OS X had anstate. However, that policy didn't last. In 2012 it <ahref="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/"> intentional localhref="https://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html"> wiped a user's Kindle-Swindle and deleted her account</a>, then offered her kafkaesque “explanations.”</p> <p>Do other ebook readers have back doors in their nonfree software? We don't know, and we have no way to find out. There is no reason to assume that they don't.</p> </li> <li id="M201011220"> <!--#set var="DATE" value='<small class="date-tag">2010-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>The iPhone has a back door for4 years</a>. </p></li> <li><p>Users reported that<ahref="http://www.networkworld.com/article/2993490/windows/windows-10-upgrades-reportedly-appearing-as-mandatory-for-some-users.html#tk.rss_all"> Microsoft was forcing them to replace Windows 7 and 8 with all-spying Windows 10</a>.</p> <p>Microsoft was in facthref="https://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone"> remote wipe</a>. It's not always enabled, but users are led into enabling it without understanding.</p> </li> </ul> <h3 id='install-delete'>Installing, deleting or disabling programs</h3> <ul class="blurbs"> <li id="M202208220"> <!--#set var="DATE" value='<small class="date-tag">2022-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Tesla <ahref="http://www.computerworld.com/article/3012278/microsoft-windows/microsoft-sets-stage-for-massive-windows-10-upgrade-strategy.html"> attacking computershref="https://www.cnn.com/2022/08/22/business/tesla-fsd-price-increase/index.html"> sells an add-on software feature thatrun Windows 7 and 8</a>, switchingdrivers are not allowed to use</a>.</p> <p>This practice depends on aflag that said whetherback door, which is unjust in itself. Asking users to“upgrade”buy something years in advance toWindows 10 when users had turned it off.</p> <p>Later on, Microsoft published instructions onavoid having to pay an even higher price later is manipulative.</p> </li> <li id="M202110130"> <!--#set var="DATE" value='<small class="date-tag">2021-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>Adobe <ahref="http://arstechnica.com/information-technology/2016/01/microsoft-finally-has-a-proper-way-to-opt-out-of-windows-78-to-windows-10-upgrades/"> howhref="https://web.archive.org/web/20211014123717/https://pluralistic.net/2021/10/13/theres-an-app-for-that/#gnash">has licensed its Flash Player topermanently rejectChina's Zhong Cheng Network</a> who is offering thedowngrade to Windows 10</a>.</p> <p>This seemsprogram bundled with spyware and a back door that can remotely deactivate it.</p> <p>Adobe is responsible for this since they gave Zhong Cheng Network permission toinvolvedo this. This injustice involves “misuse” of the DMCA, but “proper,” intended use of the DMCA is aback door in Windows 7 and 8.</p>much bigger injustice. There is <a href="/philosophy/right-to-read.html">a series of errors related to DMCA</a>.</p> </li><li> <p>Most mobile phones<li id="M202108240"> <!--#set var="DATE" value='<small class="date-tag">2021-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>Recent Samsung TVs have auniversalbackdoor,door with whichhas been used toSamsung can <ahref="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html"> turnhref="https://www.pcmag.com/news/samsung-can-remotely-disable-any-of-its-tvs-worldwide"> brick themmalicious</a>. </p>remotely</a>.</p> </li><li><li id="M202106190"> <!--#set var="DATE" value='<small class="date-tag">2021-06</small>' --><!--#echo encoding="none" var="DATE" --> <p><ahref="http://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor"> A Chinese version ofhref="https://arstechnica.com/gadgets/2021/06/even-creepier-covid-tracking-google-silently-pushed-app-to-users-phones/">Google automatically installed an app on many proprietary Android phones</a>. The app might or might not do malicious things but the power Google has over proprietary Android phones is dangerous.</p> </li> <li id="M202012020"> <!--#set var="DATE" value='<small class="date-tag">2020-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>Adobe Flash Player <a href="https://www.adobe.com/products/flashplayer/end-of-life.html"> has a universal backdoor</a>. Nearly all models of mobile phonesdoor</a> which lets Adobe control the software and, for example, disable it whenever it wants. Adobe will block Flash content from running in Flash Player beginning January 12, 2021, which indicates that they have access to every Flash Player through auniversalback door.</p> <p>The back door won't be dangerous in themodem chip. So why did Coolpad botherfuture, as it'll disable a proprietary program and make users delete the software, but it was an injustice for many years. Users should have deleted Flash Player even before its end of life.</p> </li> <li id="M202007020"> <!--#set var="DATE" value='<small class="date-tag">2020-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>BMW is trying tointroduce another? Because this one<a href="https://www.theverge.com/2020/7/2/21311332/bmw-in-car-purchase-heated-seats-software-over-the-air-updates">lock certain features of its cars, and force people to pay to use part of the car they already bought</a>. This iscontrolled by Coolpad. </p> </li> <li> <p>Microsoft Windows hasdone through forced update of the car software via auniversalradio-operated backdoor through whichdoor.</p> </li> <li id="M201908270"> <!--#set var="DATE" value='<small class="date-tag">2019-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>A very popular app found in the Google Play store contained a module that was designed to <ahref="https://web.archive.org/web/20071011010707/http://informationweek.com/news/showArticle.jhtml?articleID=201806263"> any change whatsoever can be imposedhref="https://arstechnica.com/information-technology/2019/08/google-play-app-with-100-million-downloads-executed-secret-payloads/">secretly install malware on theusers</a>. </p> <p>More information on when <a href="http://slated.org/windows_by_stealth_the_updates_you_dont_want"> this was used</a>. </p> <p>In Windows 10,user's computer</a>. The app developers regularly used it to make theuniversal back doorcomputer download and execute any code they wanted.</p> <p>This isno longer hidden; all “upgrades” willa concrete example of what users are exposed to when they run nonfree apps. They can never be<a href="http://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/">forcibly and immediately imposed</a>. </p>completely sure that a nonfree app is safe.</p> </li><li><p>German government <a href="https://web.archive.org/web/20160310201616/http://drleonardcoldwell.com/2013/08/23/leaked-german-government-warns-key-entities-not-to-use-windows-8-linked-to-nsa/">veers away from Windows 8 computers with TPM 2.0 due<li id="M201907100"> <!--#set var="DATE" value='<small class="date-tag">2019-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Apple appears topotentialsay that <a href="https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/"> there is a back doorcapabilities ofin MacOS</a> for automatically updating some (all?) apps.</p> <p>The specific change described in theTPM 2.0 chip</a>.</p>article was not malicious—it protected users from surveillance by third parties—but that is a separate question.</p> </li><li> <p>The iPhone<li id="M201811100"> <!--#set var="DATE" value='<small class="date-tag">2018-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Corel Paintshop Pro has a <a href="https://torrentfreak.com/corel-wrongly-accuses-licensed-user-of-piracy-disables-software-remotely-181110/"> back door<a href="http://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html">thatallows Apple to remotely delete apps</a> which Apple considers “inappropriate”. Jobs said it's ok for Applecan make it cease tohave this power becausefunction</a>.</p> <p>The article is full ofcourseconfusions, errors and biases that wecan trust Apple. </p> </li> <li> <p>The iPhone hashave an obligation to expose, given that we are making a link to them.</p> <ul> <li>Getting a patent does not “enable” a company to do any particular thing in its products. What it does enable the company to do is sue other companies if they do some particular thing in their products.</li> <li>A company's policies about when to attack users through a back doorforare beside the point. Inserting the back door is wrong in the first place, and using the back door is always wrong too. No software developer should have that power over users.</li> <li>“<a href="/philosophy/words-to-avoid.html#Piracy">Piracy</a>” means attacking ships. Using that word to refer to sharing copies is a smear; please don't smear sharing.</li> <li><p>The idea of “protecting our IP” is total confusion. The term “IP” itself is a <ahref="http://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone"> remote wipe</a>.href="/philosophy/not-ipr.html">bogus generalization about things that have nothing in common</a>.</p> <p>In addition, to speak of “protecting” that bogus generalization is a separate absurdity. It'snot always enabled, but userslike calling the cops because neighbors' kids areled into enablingplaying on your front yard, and saying that you're “protecting the boundary line”. The kids can't do harm to the boundary line, not even with a jackhammer, because itwithout understanding. </p> </li> <li> <p>Apple can,is an abstraction andregularly does,can't be affected by physical action.</p></li> </ul> </li> <li id="M201804010"> <!--#set var="DATE" value='<small class="date-tag">2018-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Some “Smart” TVs automatically <ahref="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/"> remotely extract some data from iPhoneshref="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928"> load downgrades that install a surveillance app</a>.</p> <p>We link to the article for thestate</a>. </p> <p>This may have improved withfacts it presents. It is too bad that the article finishes by advocating the moral weakness of surrendering to Netflix. The Netflix app <ahref="http://www.washingtonpost.com/business/technology/2014/09/17/2612af58-3ed2-11e4-b03f-de718edeb92f_story.html"> iOS 8 security improvements</a>; buthref="/proprietary/malware-google.html#netflix-app-geolocation-drm">is malware too</a>.</p> </li> <li id="M201511090"> <!--#set var="DATE" value='<small class="date-tag">2015-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Baidu's proprietary Android library, Moplus, has a back door that <ahref="https://firstlook.org/theintercept/2014/09/22/apple-data/"> nothref="https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made"> can “upload files” asmuchwell asApple claims</a>.</p>forcibly install apps</a>.</p> <p>It is used by 14,000 Android applications.</p> </li><li> <p><a href="http://www.computerworld.com/article/2500036/desktop-apps/microsoft--we-can-remotely-delete-windows-8-apps.html"><li id="M201112080"> <!--#set var="DATE" value='<small class="date-tag">2011-12</small>' --><!--#echo encoding="none" var="DATE" --> <p> In addition to its <a href="#windows-update">universal back door</a>, Windows 8alsohas a back door for <a href="https://www.computerworld.com/article/2500036/microsoft--we-can-remotely-delete-windows-8-apps.html"> remotely deletingapps</a>. </p> <p> Youapps</a>.</p> <p>You might well decide to let a security service that you trust remotely <em>deactivate</em> programs that it considers malicious. But there is no excuse for <em>deleting</em> the programs, and you should have the right to decidewhowhom (if anyone) to trust in thisway. </p> <p> As these pages show, if you do want to clean your computer of malware, the first software to delete is Windows or iOS. </p>way.</p> </li><li><li id="M201103070"> <!--#set var="DATE" value='<small class="date-tag">2011-03</small>' --><!--#echo encoding="none" var="DATE" --> <p>In Android, <ahref="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">href="https://www.computerworld.com/article/2506557/google-throws--kill-switch--on-android-phones.html"> Google has a back door to remotely deleteapps.</a>apps</a>. (Itiswas in a program calledGTalkService). </p> <p>GTalkService, which seems since then to have been merged into Google Play.)</p> <p>Google can also <a href="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/"> forcibly and remotely install apps</a> throughGTalkService (which seems, since that article, to have been merged into Google Play).GTalkService. This is not equivalent to a universal back door, but permits various dirtytricks. </p> <p> Althoughtricks.</p> <p>Although Google's <em>exercise</em> of this power has not been malicious so far, the point is that nobody should have such power, which could also be used maliciously. You might well decide to let a security service remotely <em>deactivate</em> programs that it considers malicious. But there is no excuse for allowing it to <em>delete</em> the programs, and you should have the right to decide who (if anyone) to trust in thisway. </p>way.</p> </li><li> <p><a id="samsung" href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor"> Samsung Galaxy devices running proprietary Android versions come<li id="M200808110"> <!--#set var="DATE" value='<small class="date-tag">2008-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>The iPhone has a back door <a href="https://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html"> that allows Apple to remotely delete apps</a> which Apple considers “inappropriate”. Jobs said it's OK for Apple to have this power because of course we can trust Apple.</p> </li> </ul> <h3 id='universal'>Full control</h3> <ul class="blurbs"> <li id="M202111201"> <!--#set var="DATE" value='<small class="date-tag">2021-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>NordicTrack, a company that sells exercise machines with ability to show videos <a href="https://arstechnica.com/information-technology/2021/11/locked-out-of-god-mode-runners-are-hacking-their-treadmills/">limits what people can watch, and recently disabled a feature</a> that was originally functional. This happened through automatic update and probably involved a universal backdoor</a>door.</p> </li> <li id="M202106220"> <!--#set var="DATE" value='<small class="date-tag">2021-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>Peloton company which produces treadmills recently <a href="https://www.bleepingcomputer.com/news/technology/peloton-tread-owners-now-forced-into-monthly-subscription-after-recall/">locked people out of basic features of people's treadmills by a software update</a>. The company now asks people for a membership/subscription for what people already paid for.</p> <p>The software used in the treadmill is proprietary and probably includes back doors to force software updates. It teaches the lesson thatprovides remote accessif a product talks to external networks, you must expect it to take in new malware.</p> <p>Please note that thefiles stored oncompany behind this product said they are working to reverse thedevice. </p>changes so people will no longer need subscription to use the locked feature.</p> <p>Apparently public anger made the company back down. If we want that to be our safety, we need to build up the anger against malicious features (and the proprietary software that is their entry path) to the point that even the most powerful companies don't dare.</p> </li><li><li id="M202102180"> <!--#set var="DATE" value='<small class="date-tag">2021-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Microsoft is <a href="https://uk.pcmag.com/operating-systems/131798/microsoft-starts-automatically-removing-flash-from-windows">forcibly removing the Flash player from computers running Windows 10</a>, using <a href="/proprietary/proprietary-back-doors.html#windows-update">a universal backdoor in Windows</a>.</p> <p>TheAmazon Kindle-Swindle has a back doorfact that Flash has beenused to<ahref="http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/"> remotely erase books</a>. Onehref="/proprietary/proprietary-back-doors.html#M202012020">disabled by Adobe</a> is no excuse for this abuse of power. The nature of proprietary software, such as Microsoft Windows, gives thebooks erased was 1984,developers power to impose their decisions on users. Free software on the other hand empowers users to make their own decisions.</p> </li> <li id="M202011230"> <!--#set var="DATE" value='<small class="date-tag">2020-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Some Wavelink and JetStream wifi routers have universal back doors that enable unauthenticated users to remotely control not only the routers, but also any devices connected to the network. There is evidence that <a href="https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/"> this vulnerability is actively exploited</a>.</p> <p>If you consider buying a router, we encourage you to get one that <a href="https://ryf.fsf.org/categories/routers">runs on free software</a>. Any attempts at introducing malicious functionalities in it (e.g., through a firmware update) will be detected byGeorge Orwell. </p> <p>Amazon respondedthe community, and soon corrected.</p> <p>If unfortunately you own a router that runs on proprietary software, don't panic! You may be able tocriticismreplace its firmware with a free operating system such as <a href="https://librecmc.org">libreCMC</a>. If you don't know how, you can get help from a nearby GNU/Linux user group.</p> </li> <li id="M202011060"> <!--#set var="DATE" value='<small class="date-tag">2020-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>A new app published bysayingGoogle <a href="https://www.xda-developers.com/google-device-lock-controller-banks-payments/">lets banks and creditors deactivate people's Android devices</a> if they fail to make payments. If someone's device gets deactivated, itwould delete books only following orders fromwill be limited to basic functionality, such as emergency calling and access to settings.</p> </li> <li id="M202007010"> <!--#set var="DATE" value='<small class="date-tag">2020-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>BMW will remotely <a href="https://www.cnet.com/roadshow/news/bmw-vehicle-as-a-platform/"> enable and disable functionality in cars</a> through a universal back door.</p> </li> <li id="M202004130"> <!--#set var="DATE" value='<small class="date-tag">2020-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>The <a href="https://play.google.com/about/play-terms/"> Google Play Terms of Service</a> insist that thestate. However,user of Android accept the presence of universal back doors in apps released by Google.</p> <p>This does not tell us whether any of Google's apps currently contains a universal back door, but thatpolicy didn't last.is a secondary question. In2012 itmoral terms, demanding that people accept in advance certain bad treatment is equivalent to actually doing it. Whatever condemnation the latter deserves, the former deserves the same.</p> </li> <li id="M202001090"> <!--#set var="DATE" value='<small class="date-tag">2020-01</small>' --><!--#echo encoding="none" var="DATE" --> <p>Android phones subsidized by the US government come with <ahref="http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html">wiped a user's Kindle-Swindlehref="https://arstechnica.com/information-technology/2020/01/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware/"> preinstalled adware anddeleted her account</a>, then offered her kafkaesque “explanations.”</p>a back door for forcing installation of apps</a>.</p> <p>TheKindle-Swindle also hasadware is in a modified version of an essential system configuration app. The back door is a surreptitious addition to a program whose stated purpose is to be a <ahref="http://www.amazon.com/gp/help/customer/display.html?nodeId=200774090">href="https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/"> universal backdoor</a>. </p>door for firmware</a>.</p> <p>In other words, a program whose raison d'ĂȘtre is malicious has a secret secondary malicious purpose. All this is in addition to the malware of Android itself.</p> </li><li> <p>HP “storage appliances”<li id="M201910130.1"> <!--#set var="DATE" value='<small class="date-tag">2019-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Chinese Communist Party's <a href="/proprietary/proprietary-surveillance.html#M201910130"> “Study the Great Nation” app</a> was found to contain <a href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962"> a back-door allowing developers to run any code they wish</a> in the users' phone, as “superusers.”</p> <p>Note: The <a href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html"> Washington Post version of the article</a> (partly obfuscated, but readable after copy-pasting in a text editor) includes a clarification saying thatusetheproprietary “Left Hand”tests were only performed on the Android version of the app, and that, according to Apple, “this kind of ‘superuser’ surveillance could not be conducted on Apple's operatingsystem havesystem.”</p> </li> <li id="M201908220"> <!--#set var="DATE" value='<small class="date-tag">2019-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>ChromeBooks are programmed for obsolescence: ChromeOS has a universal backdoorsdoor thatgive HPis used for updates and <ahref="http://news.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/"> remote login access</a>href="https://www.theregister.com/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/"> ceases tothem. HP claims that this does not give HPoperate at a predefined date</a>. From then on, there appears to be no support whatsoever for the computer.</p> <p>In other words, when you stop getting screwed by the back door, you start getting screwed by the obsolescence.</p> </li> <li id="M201902011"> <!--#set var="DATE" value='<small class="date-tag">2019-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>The FordPass Connect feature of some Ford vehicles has <a href="https://web.archive.org/web/20200530023040/https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html"> near-complete access to thecustomer'sinternal car network</a>. It is constantly connected to the cellular phone network and sends Ford a lot of data,but ifincluding car location. This feature operates even when theback door allows installationignition key is removed, and users report that they can't disable it.</p> <p>If you own one of these cars, have you succeeded in breaking the connectivity by disconnecting the cellular modem, or wrapping the antenna in aluminum foil?</p> </li> <li id="M201812300"> <!--#set var="DATE" value='<small class="date-tag">2018-12</small>' --><!--#echo encoding="none" var="DATE" --> <p>New GM cars <a href="https://media.gm.com/media/us/en/gmc/vehicles/canyon/2019.html"> offer the feature ofsoftware changes,achangeuniversal back door</a>.</p> <p>Every nonfree program offers the user zero security against its developer. With this malfeature, GM has explicitly made things even worse.</p> </li> <li id="M201711244"> <!--#set var="DATE" value='<small class="date-tag">2017-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Furby Connect has a <a href="https://web.archive.org/web/20220604212722/https://www.contextis.com/en/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect"> universal back door</a>. If the product as shipped doesn't act as a listening device, remote changes to the code couldbe installedsurely convert it into one.</p> </li> <li id="M201711010"> <!--#set var="DATE" value='<small class="date-tag">2017-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Sony has brought back its robotic pet Aibo, this time <a href="https://www.vice.com/en/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet"> with a universal back door, and tethered to a server that requires a subscription</a>.</p> </li> <li id="M201709090.1"> <!--#set var="DATE" value='<small class="date-tag">2017-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Tesla used software to limit the part of the battery that was available to customers in some cars, and <a href="https://techcrunch.com/2017/09/09/tesla-flips-a-switch-to-increase-the-range-of-some-cars-in-florida-to-help-people-evacuate/"> a universal back door in the software</a> to temporarily increase this limit.</p> <p>While remotely allowing car “owners” to use the whole battery capacity did not do them any harm, the same back door wouldgive accesspermit Tesla (perhaps under the command of some government) to remotely order thecustomer's data. </p>car to use none of its battery. Or perhaps to drive its passenger to a torture prison.</p> </li><li> <p><a href="http://www.itworld.com/article/2705284/data-protection/backdoor-found-in-d-link-router-firmware-code.html"> Some D-Link routers</a><li id="M201702060.1"> <!--#set var="DATE" value='<small class="date-tag">2017-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>Vizio “smart” TVs <a href="https://www.ftc.gov/business-guidance/blog/2017/02/what-vizio-was-doing-behind-tv-screen"> have a universal back door</a>.</p> </li> <li id="M201609130"> <!--#set var="DATE" value='<small class="date-tag">2016-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Xiaomi phones come with <a href="https://web.archive.org/web/20190424082647/http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/"> a universal back door in the application processor, forchanging settingsXiaomi's use</a>.</p> <p>This is separate from <a href="#universal-back-door-phone-modem">the universal back door in the modem processor that the local phone company can use</a>.</p> </li> <li id="M201608171"> <!--#set var="DATE" value='<small class="date-tag">2016-08</small>' --><!--#echo encoding="none" var="DATE" --> <p id="windows-update">Microsoft Windows has adlink of an eye. </p> <p>universal back door through which <ahref="https://github.com/elvanderb/TCP-32764">Many models of routerhref="https://www.informationweek.com/government/microsoft-updates-windows-without-user-permission-apologizes"> any change whatsoever can be imposed on the users</a>.</p> <p>This was <a href="https://web.archive.org/web/20200219180230/http://slated.org/windows_by_stealth_the_updates_you_dont_want"> reported in 2007</a> for XP and Vista, and it seems that Microsoft used the same method to push the <a href="/proprietary/malware-microsoft.html#windows10-forcing"> Windows 10 downgrade</a> to computers running Windows 7 and 8.</p> <p>In Windows 10, the universal back door is no longer hidden; all “upgrades” will be <a href="https://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/"> forcibly and immediately imposed</a>.</p> </li> <li id="M201606060"> <!--#set var="DATE" value='<small class="date-tag">2016-06</small>' --><!--#echo encoding="none" var="DATE" --> <p>The Amazon Echo appears to have a universal backdoors</a>.</p>door, since <a href="https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates"> it installs “updates” automatically</a>.</p> <p>We have found nothing explicitly documenting the lack of any way to disable remote changes to the software, so we are not completely sure there isn't one, but this seems pretty clear.</p> </li><li><li id="M201412180"> <!--#set var="DATE" value='<small class="date-tag">2014-12</small>' --><!--#echo encoding="none" var="DATE" --> <p><ahref="http://sekurak.pl/tp-link-httptftp-backdoor/"> The TP-Link routerhref="https://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor"> A Chinese version of Android has abackdoor</a>.</p>universal back door</a>. Nearly all models of mobile phones have a <a href="#universal-back-door-phone-modem"> universal back door in the modem chip</a>. So why did Coolpad bother to introduce another? Because this one is controlled by Coolpad.</p> </li><li><li id="M201311300"> <!--#set var="DATE" value='<small class="date-tag">2013-11</small>' --><!--#echo encoding="none" var="DATE" --> <p><a href="http://www.techienews.co.uk/973462/bitcoin-miners-bundled-pups-legitimate-applications-backed-eula/"> Some applications come with MyFreeProxy, which is a universal backdoordoor</a> that can download programs and runthem.</a> </p>them.</p> </li> <li id="M201202280"> <!--#set var="DATE" value='<small class="date-tag">2012-02</small>' --><!--#echo encoding="none" var="DATE" --> <p>ChromeOS has a universal back door. At least, Google says it does—in <a href="https://www.google.com/intl/en/chromebook/termsofservice.html"> section 4 of the EULA</a>.</p> </li> <li id="M200700000.1"> <!--#set var="DATE" value='<small class="date-tag">[2007]</small>' --><!--#echo encoding="none" var="DATE" --> <p>In addition to its <a href="#swindle-eraser">book eraser</a>, the Kindle-Swindle has a <a href="https://www.amazon.com/gp/help/customer/display.html?nodeId=200774090"> universal back door</a>.</p> </li> <li id="M200612050"> <!--#set var="DATE" value='<small class="date-tag">2006-12</small>' --><!--#echo encoding="none" var="DATE" --> <p id="universal-back-door-phone-modem">Almost every phone's communication processor has a universal back door which is <a href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html"> often used to make a phone transmit all conversations it hears</a>. See <a href="/proprietary/malware-mobiles.html#universal-back-door-phone-modem">Malware in Mobile Devices</a> for more info.</p> </li> </ul> <h3 id='other'>Other or undefined</h3> <ul class="blurbs"> <li id="M201711204"> <!--#set var="DATE" value='<small class="date-tag">2017-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Intel's intentional “management engine” back door has <a href="https://www.theregister.com/2017/11/20/intel_flags_firmware_flaws/"> unintended back doors</a> too.</p> </li> <li id="M201609240"> <!--#set var="DATE" value='<small class="date-tag">2016-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>A Capcom's Street Fighter V update <a href="https://www.theregister.com/2016/09/23/capcom_street_fighter_v/"> installed a driver that could be used as a back door by any application installed on a Windows computer</a>, but was <a href="https://www.rockpapershotgun.com/street-fighter-v-removes-new-anti-crack"> immediately rolled back</a> in response to public outcry.</p> </li> <li id="M201511260"> <!--#set var="DATE" value='<small class="date-tag">2015-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>Dell computers, shipped with Windows, had a bogus root certificate that <a href="https://fossforce.com/2015/11/dell-comcast-intel-who-knows-who-else-are-out-to-get-you/"> allowed anyone (not just Dell) to remotely authorize any software to run</a> on the computer.</p> </li> <li id="M201511198"> <!--#set var="DATE" value='<small class="date-tag">2015-11</small>' --><!--#echo encoding="none" var="DATE" --> <p>ARRIS cable modem has a <a href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1"> back door in the back door</a>.</p> </li> <li id="M201510200"> <!--#set var="DATE" value='<small class="date-tag">2015-10</small>' --><!--#echo encoding="none" var="DATE" --> <p>“Self-encrypting” disk drives do the encryption with proprietary firmware so you can't trust it. Western Digital's “My Passport” drives <a href="https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption"> have a back door</a>.</p> </li> <li id="M201504090"> <!--#set var="DATE" value='<small class="date-tag">2015-04</small>' --><!--#echo encoding="none" var="DATE" --> <p>Mac OS X had an <a href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/"> intentional local back door for 4 years</a>, which could be exploited by attackers to gain root privileges.</p> </li> <li id="M201309110"> <!--#set var="DATE" value='<small class="date-tag">2013-09</small>' --><!--#echo encoding="none" var="DATE" --> <p>Here is a big problem whose details are stillsecret.</p> <ul> <li> <p><a href="http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/">secret: <a href="https://mashable.com/archive/fbi-microsoft-bitlocker-backdoor"> The FBI asks lots of companies to put back doors in proprietaryprograms. </a>programs</a>. We don't know of specific cases where this was done, but every proprietary program for encryption is a possibility.</p> </li></ul><li id="M201308230"> <!--#set var="DATE" value='<small class="date-tag">2013-08</small>' --><!--#echo encoding="none" var="DATE" --> <p>The German government <a href="https://www.theregister.com/2013/08/23/nsa_germany_windows_8/">veers away from Windows 8 computers with TPM 2.0</a> (<a href="https://www.zeit.de/digital/datenschutz/2013-08/trusted-computing-microsoft-windows-8-nsa">original article in German</a>), due to potential back door capabilities of the TPM 2.0 chip.</p> </li> <li id="M201307300"> <!--#set var="DATE" value='<small class="date-tag">2013-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>Here is a suspicion that we can't prove, but is worth thinkingabout.</p> <ul> <li> <p><a href="http://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI">about: <a href="https://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI"> Writable microcode for Intel and AMD microprocessors</a> may be a vehicle for the NSA to invade computers, with the help of Microsoft, say respected securityexperts. </p>experts.</p> </li> <li id="M201307114"> <!--#set var="DATE" value='<small class="date-tag">2013-07</small>' --><!--#echo encoding="none" var="DATE" --> <p>HP “storage appliances” that use the proprietary “Left Hand” operating system have back doors that give HP <a href="https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/"> remote login access</a> to them. HP claims that this does not give HP access to the customer's data, but if the back door allows installation of software changes, a change could be installed that would give access to the customer's data.</p> </li> </ul> <div class="column-limit"></div> <p>The EFF has other examples of the <ahref="https://www.eff.org/deeplinks/2015/02/who-really-owns-your-drones">usehref="https://www.eff.org/deeplinks/2015/02/who-really-owns-your-drones"> use of back doors</a>.</p></div><!-- for id="content", starts in the include above</div> </div> <!--#include virtual="/proprietary/proprietary-menu.html" --> <!--#include virtual="/server/footer.html" --> <divid="footer">id="footer" role="contentinfo"> <div class="unprintable"> <p>Please send general FSF & GNU inquiries to <a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>. There are also <a href="/contact/">other ways to contact</a> the FSF. Broken links and other corrections or suggestions can be sent to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p> <p><!-- TRANSLATORS: Ignore the original text in this paragraph, replace it with the translation of these two: We work hard and do our best to provide accurate, good quality translations. However, we are not exempt from imperfection. Please send your comments and general suggestions in this regard to <a href="mailto:web-translators@gnu.org"> <web-translators@gnu.org></a>.</p> <p>For information on coordinating andsubmittingcontributing translations of our web pages, see <a href="/server/standards/README.translations.html">Translations README</a>. --> Please see the <a href="/server/standards/README.translations.html">Translations README</a> for information on coordinating andsubmittingcontributing translations of this article.</p> </div> <p>Copyright ©2014-20172014-2022 Free Software Foundation, Inc.</p> <p>This page is licensed under a <a rel="license"href="http://creativecommons.org/licenses/by-nd/4.0/">Creativehref="http://creativecommons.org/licenses/by/4.0/">Creative CommonsAttribution-NoDerivativesAttribution 4.0 International License</a>.</p> <!--#include virtual="/server/bottom-notes.html" --> <p class="unprintable">Updated: <!-- timestamp start --> $Date: 2022/08/28 07:32:03 $ <!-- timestamp end --> </p> </div></div></div><!-- for class="inner", starts in the banner include --> </body> </html>