msgid "Proprietary Insecurity - GNU Project - Free Software Foundation" msgstr "" #. type: Content of: <div><a> msgid "<a id=\"side-menu-button\" class=\"switch\" href=\"#navlinks\">" msgstr "" #. type: Attribute 'title' of: <div><a><img> msgid "Section contents" msgstr "" #. type: Attribute 'alt' of: <div><a><img> msgid " [Section contents] " msgstr "" #. type: Content of: <div> msgid "</a>" msgstr "" #. type: Content of: <div><p><a> msgid "<a href=\"/\">" msgstr "" #. type: Attribute 'title' of: <div><p><a><img> msgid "GNU Home" msgstr "" #. type: Content of: <div><p> msgid "" "</a> / <a href=\"/proprietary/proprietary.html\">Malware</a> / By " "type /" msgstr "" #. type: Content of: <div><h2> msgid "Proprietary Insecurity" msgstr "" #. type: Content of: <div><div><p> msgid "" "Nonfree (proprietary) software is very often malware (designed to mistreat " "the user). Nonfree software is controlled by its developers, which puts them " "in a position of power over the users; <a " "href=\"/philosophy/free-software-even-more-important.html\">that is the " "basic injustice</a>. The developers and manufacturers often exercise that " "power to the detriment of the users they ought to serve." msgstr "" #. type: Content of: <div><div><p> msgid "This typically takes the form of malicious functionalities." msgstr "" #. type: Content of: <div><div><p> msgid "" "This page lists clearly established cases of insecurity in proprietary " "software that has grave consequences or is otherwise noteworthy. Even though " "most of these security flaws are unintentional, thus are not malicious " "functionalities in a strict sense, we report them to show that proprietary " "software is not as secure as mainstream media may say." msgstr "" #. type: Content of: <div><div><p> msgid "" "This doesn't imply that free software is immune to bugs or insecurities. " "The difference between free and proprietary software in this respect is the " "handling of the bugs: free software users are able to study the program " "and/or fix the bugs they find, often in communities as they are able to " "share the program, while proprietary program users are forced to rely on the " "program's developer for fixes." msgstr "" #. type: Content of: <div><div><p> msgid "" "If the developer does not care to fix the problem — often the case for " "embedded software and old releases — the users are sunk. But if the " "developer does send a corrected version, it may contain new malicious " "functionalities as well as bug fixes." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "If you know of an example that ought to be in this page but isn't here, " "please write to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a> to inform " "us. Please include the URL of a trustworthy reference or two to serve as " "specific substantiation." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A security failure in Microsoft's Windows is <a " "href=\"https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/\">infecting " "people's computers with RedLine stealer malware</a> using a fake Windows 11 " "upgrade installer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A critical bug in Apple's iOS makes it possible for attackers to alter a " "shutdown event, <a " "href=\"https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/\">tricking " "the user into thinking that the phone has been powered off</a>. But in fact, " "it's still running, and the user can't feel any difference between a real " "shutdown and the fake shutdown." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Hundreds of Tesla drivers <a " "href=\"https://www.theguardian.com/technology/2021/nov/20/tesla-app-outage-elon-musk-apologises\">were " "locked out of their cars as a result of Tesla's app suffering from an " "outage</a>, which happened because the app is tethered to company's servers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some researchers at Google <a " "href=\"https://www.vice.com/en/article/93bw8y/google-caught-hackers-using-a-mac-zero-day-against-hong-kong-users\">found " "a zero-day vulnerability on MacOS, which crackers used to target people " "visiting the websites</a> of a media outlet and a pro-democracy labor and " "political group in Hong Kong." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Please note that the article wrongly refers to crackers as “<a " "href=\"/philosophy/words-to-avoid.html#Hacker\">hackers</a>”.</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Various models of security cameras, DVRs, and baby monitors that run " "proprietary software <a " "href=\"https://www.wired.com/story/kalay-iot-bug-video-feeds/\">are affected " "by a security vulnerability that could give attackers access to live " "feeds</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones\"> " "The pegasus spyware used vulnerabilities on proprietary smartphone operating " "systems</a> to impose surveillance on people. It can record people's calls, " "copy their messages, and secretly film them, using a security " "vulnerability. There's also <a " "href=\"https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf\"> " "a technical analysis of this spyware</a> available in PDF format." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A free operating system would've let people to fix the bugs for themselves " "but now infected people will be compelled to wait for corporations to fix " "the problems." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A newly found Microsoft Windows vulnerability <a " "href=\"https://edition.cnn.com/2021/07/08/tech/microsoft-windows-10-printnightmare/\"> " "can allow crackers to remotely gain access to the operating system</a> and " "install programs, view and delete data, or even create new user accounts " "with full user rights." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The security research firm accidentally leaked instructions on how the flaw " "could be exploited but Windows users should still wait for Microsoft to fix " "the flaw, if they fix it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/\">TikTok " "apps collect biometric identifiers and biometric information from users' " "smartphones</a>. The company behind it does whatever it wants and collects " "whatever data it can." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.cpomagazine.com/data-privacy/icloud-data-turned-over-to-chinese-government-conflicts-with-apples-privacy-first-focus/\">Apple " "is moving its Chinese customers' iCloud data to a datacenter controlled by " "the Chinese government</a>. Apple is already storing the encryption keys on " "these servers, obeying Chinese authority, making all Chinese user data " "available to the government." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A motorcycle company named Klim is selling airbag vests with different " "payment methods, one of them is through a <a " "href=\"https://www.vice.com/en/article/93yyyd/this-motorcycle-airbag-vest-will-stop-working-if-you-miss-a-payment\">proprietary " "subscription-based option that will block the vest from inflating if the " "payments don't go through</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "They say there is a 30-days grace period if you miss a payment but the grace " "period is no excuse to the insecurity." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The United States' government is reportedly considering <a " "href=\"https://www.infosecurity-magazine.com/news/private-companies-may-spy-on/\">teaming " "up with private companies to monitor American citizens' private online " "activity and digital communications</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "What creates the opportunity to try this is the fact that these companies " "are already snooping on users' private activities. That in turn is due to " "people's use of nonfree software which snoops, and online dis-services which " "snoop." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A zero-day vulnerability in Zoom which <a " "href=\"https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/\">can " "be used to launch remote code execution (RCE) attacks</a> has been disclosed " "by researchers. The researchers demonstrated a three-bug attack chain that " "caused an RCE on a target machine, all this without any form of user " "interaction." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams\">Over " "150 thousand security cameras that used Verkada company's proprietary " "software are cracked</a> by a major security breach. Crackers have had " "access to security archives of various gyms, hospitals, jails, schools, and " "police stations that have used Verkada's cameras." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"/philosophy/surveillance-vs-democracy.html\">It is injustice to " "the public</a> for gyms, stores, hospitals, jails, and schools to hand " "“security” footage to a company from which the government can " "collect it at any time, without even telling them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "At least 30 thousand organizations in the United States are newly “<a " "href=\"/philosophy/words-to-avoid.html#Hacker\">cracked</a>” via <a " "href=\"https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/\">holes " "in Microsoft's proprietary email software, named Microsoft 365</a>. It is " "unclear whether there are other holes and vulnerabilities in the program or " "not but history and experience tells us it wouldn't be the last disaster " "with proprietary programs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Researchers at the security firm SentinelOne discovered a <a " "href=\"https://www.wired.com/story/windows-defender-vulnerability-twelve-years/\">security " "flaw in proprietary program Microsoft Windows Defender that lurked " "undetected for 12 years</a>. If the program was free (as in freedom), more " "people would have had a chance to notice the problem, therefore, it could've " "been fixed a lot sooner." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A cracker <a " "href=\"https://www.vice.com/en/article/m7apnn/your-cock-is-mine-now-hacker-locks-internet-connected-chastity-cage-demands-ransom\">took " "control of people's internet-connected chastity cages and demanded " "ransom</a>. The chastity cages are being controlled by a proprietary app " "(mobile program)." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Please note that the article wrongly refers to crackers as \"<a " "href=\"/philosophy/words-to-avoid.html#Hacker\">hackers</a>\".)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Commercial crackware can <a " "href=\"https://www.theguardian.com/technology/2020/dec/20/iphones-vulnerable-to-hacking-tool-for-months-researchers-say\"> " "get passwords out of an iMonster</a>, use the microphone and camera, and " "other things." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.washingtonpost.com/technology/2020/12/18/zoom-helped-china-surveillance/\"> " "A Zoom executive carried out snooping and censorship for China</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This abuse of Zoom's power shows how dangerous that power is. The root " "problem is not the surveillance and censorship, but rather the power that " "Zoom has. It gets that power partly from the use of its server, but also " "partly from the nonfree client program." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "United States officials are facing one of biggest crackings against them in " "years, when <a " "href=\"https://www.theguardian.com/technology/2020/dec/15/orion-hack-solar-winds-explained-us-treasury-commerce-department\">malicious " "code was sneaked into SolarWinds' proprietary software named " "Orion</a>. Crackers got access to networks when users downloaded a tainted " "software update. Crackers were able to monitor internal emails at some of " "the top agencies in the US." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Baidu apps were <a " "href=\"https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/\"> " "caught collecting sensitive personal data</a> that can be used for lifetime " "tracking of users, and putting them in danger. More than 1.4 billion people " "worldwide are affected by these proprietary apps, and users' privacy is " "jeopardized by this surveillance tool. Data collected by Baidu may be handed " "over to the Chinese government, possibly putting Chinese people in danger." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple has <a " "href=\"https://sneak.berlin/20201112/your-computer-isnt-yours/\">implemented " "a malware in its computers that imposes surveillance</a> on users and " "reports users' computing to Apple." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The reports are even unencrypted and they've been leaking this data for two " "years already. This malware is reporting to Apple what user opens what " "program at what time. It also gives Apple power to sabotage users' " "computing." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung is forcing its smartphone users in Hong Kong (and Macau) <a " "href=\"https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/\">to " "use a public DNS in Mainland China</a>, using software update released in " "September 2020, which causes many unease and privacy concerns." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "TikTok <a " "href=\"https://boingboing.net/2020/08/11/tiktok-exploited-android-secur.html\"> " "exploited an Android vulnerability</a> to obtain user MAC addresses." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.wired.com/story/ripple20-iot-vulnerabilities/?bxid=5bd66d4c2ddf9c619437e4b8&cndid=9608804&esrc=Wired_etl_load&source=EDT_WIR_NEWSLETTER_0_DAILY_ZZ&utm_bran%5C\"> " "A disasterous security bug</a> touches millions of products in the Internet " "of Stings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "As a result, anyone can sting the user, not only the manufacturer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The proprietary program Microsoft Teams' insecurity <a " "href=\"https://www.forbes.com/sites/thomasbrewster/2020/04/27/your-whole-companys-microsoft-teams-data-couldve-been-stolen-with-an-evil-gif\">could " "have let a malicious GIF steal user data from Microsoft Teams accounts</a>, " "possibly across an entire company, and taken control of “an " "organization's entire roster of Teams accounts.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Riot Games' new anti-cheat is malware; <a " "href=\"https://www.extremetech.com/gaming/309320-riot-games-new-anti-cheat-system-runs-at-system-boot-uses-kernel-driver\">runs " "on system boot at kernel level</a> on Windows. It is insecure software that " "increases the attack surface of the operating system." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some security breakers (wrongly referred in this article as <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">“hackers”</a>) " "managed to interfere the Amazon Ring proprietary system, and <a " "href=\"https://www.theguardian.com/technology/2019/dec/13/ring-hackers-reportedly-watching-talking-strangers-in-home-cameras\">access " "its camera, speakers and microphones</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Internet-tethered Amazon Ring had a security vulnerability that enabled " "attackers to <a " "href=\"https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password\"> " "access the user's wifi password</a>, and snoop on the household through " "connected surveillance devices." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Knowledge of the wifi password would not be sufficient to carry out any " "significant surveillance if the devices implemented proper security, " "including encryption. But many devices with proprietary software lack " "this. Of course, they are also used by their manufacturers for snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A series of vulnerabilities <a " "href=\"https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/\">found " "in iOS allowed attackers to gain access to sensitive information including " "private messages, passwords, photos and contacts stored on the user's " "iMonster</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The deep insecurity of iMonsters is even more pertinent given that Apple's " "proprietary software makes users totally dependent on Apple for even a " "modicum of security. It also means that the devices do not even try to " "offer security against Apple itself." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Out of 21 gratis Android antivirus apps that were tested by security " "researchers, eight <a " "href=\"https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/\"> " "failed to detect a test virus</a>. All of them asked for dangerous " "permissions or contained advertising trackers, with seven being more risky " "than the average of the 100 most popular Android apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Note that the article refers to these proprietary apps as " "“free”. It should have said “gratis” " "instead.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android apps can track users' movements even when the user says <a " "href=\"https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location\"> " "not to allow them access to locations</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This involves an apparently unintentional weakness in Android, exploited " "intentionally by malicious apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Users caught in the jail of an iMonster are <a " "href=\"https://boingboing.net/2019/05/15/brittle-security.html\"> sitting " "ducks for other attackers</a>, and the app censorship prevents security " "companies from figuring out how those attacks work." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple's censorship of apps is fundamentally unjust, and would be inexcusable " "even if it didn't lead to security threats as well." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Medtronics Conexus Telemetry Protocol has <a " "href=\"https://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/\"> " "two vulnerabilities that affect several models of implantable " "defibrillators</a> and the devices they connect to." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This protocol has been around since 2006, and similar vulnerabilities were " "discovered in an earlier Medtronics communication protocol in " "2008. Apparently, nothing was done by the company to correct them. This " "means you can't rely on proprietary software developers to fix bugs in their " "products." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Ring (now Amazon) doorbell camera is designed so that the manufacturer " "(now Amazon) can watch all the time. Now it turns out that <a " "href=\"https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/\"> " "anyone else can also watch, and fake videos too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The third party vulnerability is presumably unintentional and Amazon will " "probably fix it. However, we do not expect Amazon to change the design that " "<a href=\"/proprietary/proprietary-surveillance.html#M201901100\">allows " "Amazon to watch</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Researchers have discovered how to <a " "href=\"https://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co\"> " "hide voice commands in other audio</a>, so that people cannot hear them, but " "Alexa and Siri can." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Since the beginning of 2017, <a " "href=\"https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/\">Android " "phones have been collecting the addresses of nearby cellular towers</a>, " "even when location services are disabled, and sending that data back to " "Google." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Crackers found a way to break the security of an Amazon device, and <a " "href=\"https://boingboing.net/2018/08/12/alexa-bob-carol.html\"> turn it " "into a listening device</a> for them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It was very difficult for them to do this. The job would be much easier for " "Amazon. And if some government such as China or the US told Amazon to do " "this, or cease to sell the product in that country, do you think Amazon " "would have the moral fiber to say no?" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(These crackers are probably hackers too, but please <a " "href=\"https://stallman.org/articles/on-hacking.html\"> don't use " "“hacking” to mean “breaking security”</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Siri, Alexa, and all the other voice-control systems can be <a " "href=\"https://www.fastcompany.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa\"> " "hijacked by programs that play commands in ultrasound that humans can't " "hear</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Samsung phones randomly <a " "href=\"https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages\">send " "photos to people in the owner's contact list</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "One of the dangers of the “internet of stings” is that, if you " "lose your internet service, you also <a " "href=\"https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/\"> " "lose control of your house and appliances</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "For your safety, don't use any appliance with a connection to the real " "internet." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Intel's intentional “management engine” back door has <a " "href=\"https://www.theregister.com/2017/11/20/intel_flags_firmware_flaws/\"> " "unintended back doors</a> too." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Amazon recently invited consumers to be suckers and <a " "href=\"https://www.techdirt.com/2017/11/22/vulnerability-found-amazon-key-again-showing-how-dumber-tech-is-often-smarter-option/\"> " "allow delivery staff to open their front doors</a>. Wouldn't you know it, " "the system has a grave security flaw." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Bad security in some cars makes it possible to <a " "href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937\"> " "remotely activate the airbags</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A “smart” intravenous pump designed for hospitals is connected " "to the internet. Naturally <a " "href=\"https://www.techdirt.com/2017/09/22/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack/\"> " "its security has been cracked</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Note that this article misuses the term <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">“hackers”</a> " "referring to crackers.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The bad security in many Internet of Stings devices allows <a " "href=\"https://www.techdirt.com/2017/08/28/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you/\">ISPs " "to snoop on the people that use them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "Don't be a sucker—reject all the stings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(It is unfortunate that the article uses the term <a " "href=\"/philosophy/words-to-avoid.html#Monetize\">“monetize”</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many models of Internet-connected cameras <a " "href=\"/proprietary/proprietary-back-doors.html#InternetCameraBackDoor\"> " "have backdoors</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That is a malicious functionality, but in addition it is a gross insecurity " "since anyone, including malicious crackers, <a " "href=\"https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/\">can " "find those accounts and use them to get into users' cameras</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Intel's CPU backdoor—the Intel Management Engine—had a <a " "href=\"https://arstechnica.com/information-technology/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/\">major " "security vulnerability for 10 years</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The vulnerability allowed a cracker to access the computer's Intel Active " "Management Technology (AMT) <a " "href=\"https://arstechnica.com/information-technology/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/\"> " "web interface with an empty password and gave administrative access</a> to " "access the computer's keyboard, mouse, monitor among other privileges." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It does not help that in newer Intel processors, it is impossible to turn " "off the Intel Management Engine. Thus, even users who are proactive about " "their security can do nothing to protect themselves besides using machines " "that don't come with the backdoor." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The proprietary code that runs pacemakers, insulin pumps, and other medical " "devices is <a href=\"https://www.bbc.com/news/technology-40042584\"> full of " "gross security faults</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Conexant HD Audio Driver Package (version 1.0.0.46 and earlier) " "pre-installed on 28 models of HP laptops logged the user's keystroke to a " "file in the filesystem. Any process with access to the filesystem or the " "MapViewOfFile API could gain access to the log. Furthermore, <a " "href=\"https://www.modzero.com/advisories/MZ-17-01-Conexant-Keylogger.txt\">according " "to modzero</a> the “information-leak via Covert Storage Channel " "enables malware authors to capture keystrokes without taking the risk of " "being classified as malicious task by AV heuristics”." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Exploits of bugs in Windows, which were developed by the NSA and then leaked " "by the Shadowbrokers group, are now being used to <a " "href=\"https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/\">attack " "a great number of Windows computers with ransomware</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android devices <a " "href=\"https://arstechnica.com/information-technology/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/\"> " "can be hijacked through their Wi-Fi chips</a> because of a bug in Broadcom's " "nonfree firmware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "When Miele's Internet of Stings hospital disinfectant dishwasher is <a " "href=\"https://www.vice.com/en/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit\"> " "connected to the Internet, its security is crap</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "For example, a cracker can gain access to the dishwasher's filesystem, " "infect it with malware, and force the dishwasher to launch attacks on other " "devices in the network. Since these dishwashers are used in hospitals, such " "attacks could potentially put hundreds of lives at risk." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The CIA exploited existing vulnerabilities in “smart” TVs and " "phones to design a malware that <a " "href=\"https://www.independent.co.uk/tech/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html\"> " "spies through their microphones and cameras while making them appear to be " "turned off</a>. Since the spyware sniffs signals, it bypasses encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you buy a used “smart” car, house, TV, refrigerator, etc., " "usually <a " "href=\"https://boingboing.net/2017/02/20/the-previous-owners-of-used.html\">the " "previous owners can still remotely control it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The mobile apps for communicating <a " "href=\"https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/\">with " "a smart but foolish car have very bad security</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is in addition to the fact that the car contains a cellular modem that " "tells big brother all the time where it is. If you own such a car, it would " "be wise to disconnect the modem so as to turn off the tracking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A cracker would be able to <a " "href=\"https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/\"> turn " "the Oculus Rift sensors into spy cameras</a> after breaking into the " "computer they are connected to." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Unfortunately, the article <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">improperly refers to " "crackers as “hackers”</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung phones <a " "href=\"https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/\">have " "a security hole that allows an SMS message to install ransomware</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "WhatsApp has a feature that <a " "href=\"https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/\"> " "has been described as a “back door”</a> because it would enable " "governments to nullify its encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The developers say that it wasn't intended as a back door, and that may well " "be true. But that leaves the crucial question of whether it functions as " "one. Because the program is nonfree, we cannot check by studying it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The “smart” toys My Friend Cayla and i-Que can be <a " "href=\"https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/\">remotely " "controlled with a mobile phone</a>; physical access is not necessary. This " "would enable crackers to listen in on a child's conversations, and even " "speak into the toys themselves." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This means a burglar could speak into the toys and ask the child to unlock " "the front door while Mommy's not looking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "4G LTE phone networks are drastically insecure. They can be <a " "href=\"https://www.theregister.com/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/\"> " "taken over by third parties and used for man-in-the-middle attacks</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Due to weak security, <a " "href=\"https://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844\">it " "is easy to open the doors of 100 million cars built by Volkswagen</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Ransomware <a " "href=\"https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/\"> " "has been developed for a thermostat that uses proprietary software</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A <a " "href=\"https://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/\">flaw " "in Internet Explorer and Edge</a> allows an attacker to retrieve Microsoft " "account credentials, if the user is tricked into visiting a malicious link." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/\">“Deleted” " "WhatsApp messages are not entirely deleted</a>. They can be recovered in " "various ways." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A vulnerability in Apple's Image I/O API allowed an attacker to <a " "href=\"https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple\">execute " "malicious code from any application which uses this API to render a certain " "kind of image file</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A bug in a proprietary ASN.1 library, used in cell phone towers as well as " "cell phones and routers, <a " "href=\"https://arstechnica.com/information-technology/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/\">allows " "taking control of those systems</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Antivirus programs have so many errors that <a " "href=\"https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374\">they " "may make security worse</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "GNU/Linux does not need antivirus software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung's “Smart Home” has a big security hole; <a " "href=\"https://arstechnica.com/information-technology/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/\"> " "unauthorized people can remotely control it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung claims that this is an “open” platform so the problem is " "partly the fault of app developers. That is clearly true if the apps are " "proprietary software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Anything whose name is “Smart” is most likely going to screw " "you." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A bug in the iThings Messages app <a " "href=\"https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/\">allowed " "a malicious web site to extract all the user's messaging history</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Malware was found on <a " "href=\"http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html\"> " "security cameras available through Amazon</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A camera that records locally on physical media, and has no network " "connection, does not threaten people with surveillance—neither by " "watching people through the camera, nor through malware in the camera." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Over 70 brands of network-connected surveillance cameras have <a " "href=\"http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html\"> " "security bugs that allow anyone to watch through them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many proprietary payment apps <a " "href=\"https://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data\">transmit " "personal data in an insecure way</a>. However, the worse aspect of these " "apps is that <a href=\"/philosophy/surveillance-vs-democracy.html\">payment " "is not anonymous</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Nissan Leaf has a built-in cell phone modem which allows effectively " "anyone to <a " "href=\"https://www.troyhunt.com/controlling-vehicle-features-of-nissan/\"> " "access its computers remotely and make changes in various settings</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That's easy to do because the system has no authentication when accessed " "through the modem. However, even if it asked for authentication, you " "couldn't be confident that Nissan has no access. The software in the car is " "proprietary, <a " "href=\"/philosophy/free-software-even-more-important.html\">which means it " "demands blind faith from its users</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Even if no one connects to the car remotely, the cell phone modem enables " "the phone company to track the car's movements all the time; it is possible " "to physically remove the cell phone modem, though." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A pacemaker running proprietary code <a " "href=\"https://www.wired.com/2016/02/i-want-to-know-what-code-is-running-inside-my-body/\">was " "misconfigured and could have killed the implanted person</a>. In order to " "find out what was wrong and get it fixed, the person needed to break into " "the remote device that sets parameters in the pacemaker (possibly infringing " "upon manufacturer's rights under the DMCA). If this system had run free " "software, it could have been fixed much sooner." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "FitBit fitness trackers have a <a " "href=\"https://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/\"> " "Bluetooth vulnerability</a> that allows attackers to send malware to the " "devices, which can subsequently spread to computers and other FitBit " "trackers that interact with them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“Self-encrypting” disk drives do the encryption with proprietary " "firmware so you can't trust it. Western Digital's “My Passport” " "drives <a " "href=\"https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption\"> " "have a back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Security researchers discovered a <a " "href=\"https://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text\"> " "vulnerability in diagnostic dongles used for vehicle tracking and " "insurance</a> that let them take remote control of a car or lorry using an " "SMS." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Crackers were able to <a " "href=\"https://arstechnica.com/information-technology/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/\"> " "take remote control of the Jeep</a> “connected car”. They could " "track the car, start or stop the engine, and activate or deactivate the " "brakes, and more." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "We expect that Chrysler and the NSA can do this too." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you own a car that contains a phone modem, it would be a good idea to " "deactivate this." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Due to bad security in a drug pump, crackers could use it to <a " "href=\"https://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/\"> " "kill patients</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html\"> " "Many smartphone apps use insecure authentication methods when storing your " "personal data on remote servers</a>. This leaves personal information like " "email addresses, passwords, and health information vulnerable. Because many " "of these apps are proprietary it makes it hard to impossible to know which " "apps are at risk." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Hospira infusion pumps, which are used to administer drugs to a patient, " "were rated “<a " "href=\"https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/\">least " "secure IP device I've ever seen</a>” by a security researcher." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Depending on what drug is being infused, the insecurity could open the door " "to murder." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Mac OS X had an <a " "href=\"https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/\"> " "intentional local back door for 4 years</a>, which could be exploited by " "attackers to gain root privileges." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "An app to prevent “identity theft” (access to personal data) by " "storing users' data on a special server <a " "href=\"https://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/\">was " "deactivated by its developer</a> which had discovered a security flaw." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That developer seems to be conscientious about protecting personal data from " "third parties in general, but it can't protect that data from the state. " "Quite the contrary: confiding your data to someone else's server, if not " "first encrypted by you with free software, undermines your rights." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Lots of <a " "href=\"https://www.wired.com/2014/04/hospital-equipment-vulnerable/\"> " "hospital equipment has lousy security</a>, and it can be fatal." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The <a " "href=\"https://arstechnica.com/information-technology/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/\">insecurity " "of WhatsApp</a> makes eavesdropping a snap." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://www.bunniestudios.com/blog/?p=3554\"> Some flash memories " "have modifiable software</a>, which makes them vulnerable to viruses." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We don't call this a “back door” because it is normal that you " "can install a new system in a computer, given physical access to it. " "However, memory sticks and cards should not be modifiable in this way." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://arstechnica.com/information-technology/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/\"> " "Point-of-sale terminals running Windows were taken over</a> and turned into " "a botnet for the purpose of collecting customers' credit card numbers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html\"> " "The NSA can tap data in smart phones, including iPhones, Android, and " "BlackBerry</a>. While there is not much detail here, it seems that this " "does not operate via the universal back door that we know nearly all " "portable phones have. It may involve exploiting various bugs. There are <a " "href=\"https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/\"> " "lots of bugs in the phones' radio software</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security\">The " "NSA has put back doors into nonfree encryption software</a>. We don't know " "which ones they are, but we can be sure they include some widely used " "systems. This reinforces the point that you can never trust the security of " "nonfree software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The FTC punished a company for making webcams with <a " "href=\"https://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html\"> " "bad security so that it was easy for anyone to watch through them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"http://spritesmods.com/?art=hddhack&page=6\"> Replaceable " "nonfree software in disk drives can be written by a nonfree " "program</a>. This makes any system vulnerable to persistent attacks that " "normal forensics won't detect." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It is possible to <a " "href=\"https://siliconangle.com/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/\"> " "kill people by taking control of medical implants by radio</a>. More " "information in <a href=\"https://www.bbc.com/news/technology-17631838\">BBC " "News</a> and <a " "href=\"https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/\"> " "IOActive Labs Research blog</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/\"> " "“Smart homes”</a> turn out to be stupidly vulnerable to " "intrusion." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html\"> " "Crackers found a way to break security on a “smart” TV</a> and " "use its camera to watch the people who are watching TV." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It is possible to <a " "href=\"https://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/\"> " "take control of some car computers through malware in music files</a>. Also " "<a href=\"https://www.nytimes.com/2011/03/10/business/10hack.html\"> by " "radio</a>. More information in <a href=\"http://www.autosec.org/faq.html\"> " "Automotive Security And Privacy Center</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*" msgstr "" #. type: Content of: <div><div><p> msgid "" "Please send general FSF & GNU inquiries to <a " "href=\"mailto:gnu@gnu.org\"><gnu@gnu.org></a>. There are also <a " "href=\"/contact/\">other ways to contact</a> the FSF. Broken links and " "other corrections or suggestions can be sent to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a>." msgstr "" #. TRANSLATORS: Ignore the original text in this paragraph, #. replace it with the translation of these two: # #. We work hard and do our best to provide accurate, good quality #. translations. However, we are not exempt from imperfection. #. Please send your comments and general suggestions in this regard #. to <a href="mailto:web-translators@gnu.org"> # #. <web-translators@gnu.org></a>.</p> # #. <p>For information on coordinating and contributing translations of #. our web pages, see <a #. href="/server/standards/README.translations.html">Translations #. README</a>. #. type: Content of: <div><div><p> msgid "" "Please see the <a " "href=\"/server/standards/README.translations.html\">Translations README</a> " "for information on coordinating and contributing translations of this " "article." msgstr "" #. type: Content of: <div><p> msgid "Copyright © 2013, 2015-2022 Free Software Foundation, Inc." msgstr "" #. type: Content of: <div><p> msgid "" "This page is licensed under a <a rel=\"license\" " "href=\"http://creativecommons.org/licenses/by/4.0/\">Creative Commons " "Attribution 4.0 International License</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't want credits. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S CREDITS*" msgstr "" #. timestamp start #. type: Content of: <div><p> msgid "Updated:" msgstr ""

# LANGUAGE translation of https://www.gnu.org/proprietary/proprietary-insecurity.html # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the original article. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: proprietary-insecurity.html\n" "POT-Creation-Date: 2022-04-17 08:28+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. type: Content of: msgid "Proprietary Insecurity - GNU Project - Free Software Foundation" msgstr "" #. type: Content of: <div><a> msgid "<a id=\"side-menu-button\" class=\"switch\" href=\"#navlinks\">" msgstr "" #. type: Attribute 'title' of: <div><a><img> msgid "Section contents" msgstr "" #. type: Attribute 'alt' of: <div><a><img> msgid " [Section contents] " msgstr "" #. type: Content of: <div> msgid "</a>" msgstr "" #. type: Content of: <div><p><a> msgid "<a href=\"/\">" msgstr "" #. type: Attribute 'title' of: <div><p><a><img> msgid "GNU Home" msgstr "" #. type: Content of: <div><p> msgid "" "</a> / <a href=\"/proprietary/proprietary.html\">Malware</a> / By " "type /" msgstr "" #. type: Content of: <div><h2> msgid "Proprietary Insecurity" msgstr "" #. type: Content of: <div><div><p> msgid "" "Nonfree (proprietary) software is very often malware (designed to mistreat " "the user). Nonfree software is controlled by its developers, which puts them " "in a position of power over the users; <a " "href=\"/philosophy/free-software-even-more-important.html\">that is the " "basic injustice</a>. The developers and manufacturers often exercise that " "power to the detriment of the users they ought to serve." msgstr "" #. type: Content of: <div><div><p> msgid "This typically takes the form of malicious functionalities." msgstr "" #. type: Content of: <div><div><p> msgid "" "This page lists clearly established cases of insecurity in proprietary " "software that has grave consequences or is otherwise noteworthy. Even though " "most of these security flaws are unintentional, thus are not malicious " "functionalities in a strict sense, we report them to show that proprietary " "software is not as secure as mainstream media may say." msgstr "" #. type: Content of: <div><div><p> msgid "" "This doesn't imply that free software is immune to bugs or insecurities. " "The difference between free and proprietary software in this respect is the " "handling of the bugs: free software users are able to study the program " "and/or fix the bugs they find, often in communities as they are able to " "share the program, while proprietary program users are forced to rely on the " "program's developer for fixes." msgstr "" #. type: Content of: <div><div><p> msgid "" "If the developer does not care to fix the problem — often the case for " "embedded software and old releases — the users are sunk. But if the " "developer does send a corrected version, it may contain new malicious " "functionalities as well as bug fixes." msgstr "" #. type: Content of: <div><div><div><p> msgid "" "If you know of an example that ought to be in this page but isn't here, " "please write to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a> to inform " "us. Please include the URL of a trustworthy reference or two to serve as " "specific substantiation." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A security failure in Microsoft's Windows is <a " "href=\"https://www.bleepingcomputer.com/news/security/fake-windows-11-upgrade-installers-infect-you-with-redline-malware/\">infecting " "people's computers with RedLine stealer malware</a> using a fake Windows 11 " "upgrade installer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A critical bug in Apple's iOS makes it possible for attackers to alter a " "shutdown event, <a " "href=\"https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/\">tricking " "the user into thinking that the phone has been powered off</a>. But in fact, " "it's still running, and the user can't feel any difference between a real " "shutdown and the fake shutdown." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Hundreds of Tesla drivers <a " "href=\"https://www.theguardian.com/technology/2021/nov/20/tesla-app-outage-elon-musk-apologises\">were " "locked out of their cars as a result of Tesla's app suffering from an " "outage</a>, which happened because the app is tethered to company's servers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some researchers at Google <a " "href=\"https://www.vice.com/en/article/93bw8y/google-caught-hackers-using-a-mac-zero-day-against-hong-kong-users\">found " "a zero-day vulnerability on MacOS, which crackers used to target people " "visiting the websites</a> of a media outlet and a pro-democracy labor and " "political group in Hong Kong." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>Please note that the article wrongly refers to crackers as “<a " "href=\"/philosophy/words-to-avoid.html#Hacker\">hackers</a>”.</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Various models of security cameras, DVRs, and baby monitors that run " "proprietary software <a " "href=\"https://www.wired.com/story/kalay-iot-bug-video-feeds/\">are affected " "by a security vulnerability that could give attackers access to live " "feeds</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/news/2021/jul/18/what-is-pegasus-spyware-and-how-does-it-hack-phones\"> " "The pegasus spyware used vulnerabilities on proprietary smartphone operating " "systems</a> to impose surveillance on people. It can record people's calls, " "copy their messages, and secretly film them, using a security " "vulnerability. There's also <a " "href=\"https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-technical-analysis.pdf\"> " "a technical analysis of this spyware</a> available in PDF format." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A free operating system would've let people to fix the bugs for themselves " "but now infected people will be compelled to wait for corporations to fix " "the problems." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A newly found Microsoft Windows vulnerability <a " "href=\"https://edition.cnn.com/2021/07/08/tech/microsoft-windows-10-printnightmare/\"> " "can allow crackers to remotely gain access to the operating system</a> and " "install programs, view and delete data, or even create new user accounts " "with full user rights." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The security research firm accidentally leaked instructions on how the flaw " "could be exploited but Windows users should still wait for Microsoft to fix " "the flaw, if they fix it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://techcrunch.com/2021/06/03/tiktok-just-gave-itself-permission-to-collect-biometric-data-on-u-s-users-including-faceprints-and-voiceprints/\">TikTok " "apps collect biometric identifiers and biometric information from users' " "smartphones</a>. The company behind it does whatever it wants and collects " "whatever data it can." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.cpomagazine.com/data-privacy/icloud-data-turned-over-to-chinese-government-conflicts-with-apples-privacy-first-focus/\">Apple " "is moving its Chinese customers' iCloud data to a datacenter controlled by " "the Chinese government</a>. Apple is already storing the encryption keys on " "these servers, obeying Chinese authority, making all Chinese user data " "available to the government." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A motorcycle company named Klim is selling airbag vests with different " "payment methods, one of them is through a <a " "href=\"https://www.vice.com/en/article/93yyyd/this-motorcycle-airbag-vest-will-stop-working-if-you-miss-a-payment\">proprietary " "subscription-based option that will block the vest from inflating if the " "payments don't go through</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "They say there is a 30-days grace period if you miss a payment but the grace " "period is no excuse to the insecurity." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The United States' government is reportedly considering <a " "href=\"https://www.infosecurity-magazine.com/news/private-companies-may-spy-on/\">teaming " "up with private companies to monitor American citizens' private online " "activity and digital communications</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "What creates the opportunity to try this is the fact that these companies " "are already snooping on users' private activities. That in turn is due to " "people's use of nonfree software which snoops, and online dis-services which " "snoop." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A zero-day vulnerability in Zoom which <a " "href=\"https://www.zdnet.com/article/critical-zoom-vulnerability-triggers-remote-code-execution-without-user-input/\">can " "be used to launch remote code execution (RCE) attacks</a> has been disclosed " "by researchers. The researchers demonstrated a three-bug attack chain that " "caused an RCE on a target machine, all this without any form of user " "interaction." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.bloomberg.com/news/articles/2021-03-09/hackers-expose-tesla-jails-in-breach-of-150-000-security-cams\">Over " "150 thousand security cameras that used Verkada company's proprietary " "software are cracked</a> by a major security breach. Crackers have had " "access to security archives of various gyms, hospitals, jails, schools, and " "police stations that have used Verkada's cameras." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"/philosophy/surveillance-vs-democracy.html\">It is injustice to " "the public</a> for gyms, stores, hospitals, jails, and schools to hand " "“security” footage to a company from which the government can " "collect it at any time, without even telling them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "At least 30 thousand organizations in the United States are newly “<a " "href=\"/philosophy/words-to-avoid.html#Hacker\">cracked</a>” via <a " "href=\"https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/\">holes " "in Microsoft's proprietary email software, named Microsoft 365</a>. It is " "unclear whether there are other holes and vulnerabilities in the program or " "not but history and experience tells us it wouldn't be the last disaster " "with proprietary programs." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Researchers at the security firm SentinelOne discovered a <a " "href=\"https://www.wired.com/story/windows-defender-vulnerability-twelve-years/\">security " "flaw in proprietary program Microsoft Windows Defender that lurked " "undetected for 12 years</a>. If the program was free (as in freedom), more " "people would have had a chance to notice the problem, therefore, it could've " "been fixed a lot sooner." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A cracker <a " "href=\"https://www.vice.com/en/article/m7apnn/your-cock-is-mine-now-hacker-locks-internet-connected-chastity-cage-demands-ransom\">took " "control of people's internet-connected chastity cages and demanded " "ransom</a>. The chastity cages are being controlled by a proprietary app " "(mobile program)." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Please note that the article wrongly refers to crackers as \"<a " "href=\"/philosophy/words-to-avoid.html#Hacker\">hackers</a>\".)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Commercial crackware can <a " "href=\"https://www.theguardian.com/technology/2020/dec/20/iphones-vulnerable-to-hacking-tool-for-months-researchers-say\"> " "get passwords out of an iMonster</a>, use the microphone and camera, and " "other things." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.washingtonpost.com/technology/2020/12/18/zoom-helped-china-surveillance/\"> " "A Zoom executive carried out snooping and censorship for China</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This abuse of Zoom's power shows how dangerous that power is. The root " "problem is not the surveillance and censorship, but rather the power that " "Zoom has. It gets that power partly from the use of its server, but also " "partly from the nonfree client program." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "United States officials are facing one of biggest crackings against them in " "years, when <a " "href=\"https://www.theguardian.com/technology/2020/dec/15/orion-hack-solar-winds-explained-us-treasury-commerce-department\">malicious " "code was sneaked into SolarWinds' proprietary software named " "Orion</a>. Crackers got access to networks when users downloaded a tainted " "software update. Crackers were able to monitor internal emails at some of " "the top agencies in the US." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Baidu apps were <a " "href=\"https://www.zdnet.com/article/baidus-android-apps-caught-collecting-sensitive-user-details/\"> " "caught collecting sensitive personal data</a> that can be used for lifetime " "tracking of users, and putting them in danger. More than 1.4 billion people " "worldwide are affected by these proprietary apps, and users' privacy is " "jeopardized by this surveillance tool. Data collected by Baidu may be handed " "over to the Chinese government, possibly putting Chinese people in danger." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple has <a " "href=\"https://sneak.berlin/20201112/your-computer-isnt-yours/\">implemented " "a malware in its computers that imposes surveillance</a> on users and " "reports users' computing to Apple." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The reports are even unencrypted and they've been leaking this data for two " "years already. This malware is reporting to Apple what user opens what " "program at what time. It also gives Apple power to sabotage users' " "computing." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung is forcing its smartphone users in Hong Kong (and Macau) <a " "href=\"https://blog.headuck.com/2020/10/12/samsung-phones-force-mainland-china-dns-service-upon-hong-kong-wifi-users/\">to " "use a public DNS in Mainland China</a>, using software update released in " "September 2020, which causes many unease and privacy concerns." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "TikTok <a " "href=\"https://boingboing.net/2020/08/11/tiktok-exploited-android-secur.html\"> " "exploited an Android vulnerability</a> to obtain user MAC addresses." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.wired.com/story/ripple20-iot-vulnerabilities/?bxid=5bd66d4c2ddf9c619437e4b8&cndid=9608804&esrc=Wired_etl_load&source=EDT_WIR_NEWSLETTER_0_DAILY_ZZ&utm_bran%5C\"> " "A disasterous security bug</a> touches millions of products in the Internet " "of Stings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "As a result, anyone can sting the user, not only the manufacturer." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The proprietary program Microsoft Teams' insecurity <a " "href=\"https://www.forbes.com/sites/thomasbrewster/2020/04/27/your-whole-companys-microsoft-teams-data-couldve-been-stolen-with-an-evil-gif\">could " "have let a malicious GIF steal user data from Microsoft Teams accounts</a>, " "possibly across an entire company, and taken control of “an " "organization's entire roster of Teams accounts.”" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Riot Games' new anti-cheat is malware; <a " "href=\"https://www.extremetech.com/gaming/309320-riot-games-new-anti-cheat-system-runs-at-system-boot-uses-kernel-driver\">runs " "on system boot at kernel level</a> on Windows. It is insecure software that " "increases the attack surface of the operating system." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some security breakers (wrongly referred in this article as <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">“hackers”</a>) " "managed to interfere the Amazon Ring proprietary system, and <a " "href=\"https://www.theguardian.com/technology/2019/dec/13/ring-hackers-reportedly-watching-talking-strangers-in-home-cameras\">access " "its camera, speakers and microphones</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Internet-tethered Amazon Ring had a security vulnerability that enabled " "attackers to <a " "href=\"https://www.commondreams.org/newswire/2019/11/07/amazons-ring-doorbells-leaks-customers-wi-fi-username-and-password\"> " "access the user's wifi password</a>, and snoop on the household through " "connected surveillance devices." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Knowledge of the wifi password would not be sufficient to carry out any " "significant surveillance if the devices implemented proper security, " "including encryption. But many devices with proprietary software lack " "this. Of course, they are also used by their manufacturers for snooping." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A series of vulnerabilities <a " "href=\"https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/\">found " "in iOS allowed attackers to gain access to sensitive information including " "private messages, passwords, photos and contacts stored on the user's " "iMonster</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The deep insecurity of iMonsters is even more pertinent given that Apple's " "proprietary software makes users totally dependent on Apple for even a " "modicum of security. It also means that the devices do not even try to " "offer security against Apple itself." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Out of 21 gratis Android antivirus apps that were tested by security " "researchers, eight <a " "href=\"https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/\"> " "failed to detect a test virus</a>. All of them asked for dangerous " "permissions or contained advertising trackers, with seven being more risky " "than the average of the 100 most popular Android apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Note that the article refers to these proprietary apps as " "“free”. It should have said “gratis” " "instead.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android apps can track users' movements even when the user says <a " "href=\"https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location\"> " "not to allow them access to locations</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This involves an apparently unintentional weakness in Android, exploited " "intentionally by malicious apps." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Users caught in the jail of an iMonster are <a " "href=\"https://boingboing.net/2019/05/15/brittle-security.html\"> sitting " "ducks for other attackers</a>, and the app censorship prevents security " "companies from figuring out how those attacks work." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Apple's censorship of apps is fundamentally unjust, and would be inexcusable " "even if it didn't lead to security threats as well." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Medtronics Conexus Telemetry Protocol has <a " "href=\"https://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/\"> " "two vulnerabilities that affect several models of implantable " "defibrillators</a> and the devices they connect to." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This protocol has been around since 2006, and similar vulnerabilities were " "discovered in an earlier Medtronics communication protocol in " "2008. Apparently, nothing was done by the company to correct them. This " "means you can't rely on proprietary software developers to fix bugs in their " "products." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Ring (now Amazon) doorbell camera is designed so that the manufacturer " "(now Amazon) can watch all the time. Now it turns out that <a " "href=\"https://web.archive.org/web/20190918024432/https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/\"> " "anyone else can also watch, and fake videos too</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The third party vulnerability is presumably unintentional and Amazon will " "probably fix it. However, we do not expect Amazon to change the design that " "<a href=\"/proprietary/proprietary-surveillance.html#M201901100\">allows " "Amazon to watch</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Researchers have discovered how to <a " "href=\"https://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co\"> " "hide voice commands in other audio</a>, so that people cannot hear them, but " "Alexa and Siri can." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Since the beginning of 2017, <a " "href=\"https://qz.com/1131515/google-collects-android-users-locations-even-when-location-services-are-disabled/\">Android " "phones have been collecting the addresses of nearby cellular towers</a>, " "even when location services are disabled, and sending that data back to " "Google." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Crackers found a way to break the security of an Amazon device, and <a " "href=\"https://boingboing.net/2018/08/12/alexa-bob-carol.html\"> turn it " "into a listening device</a> for them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It was very difficult for them to do this. The job would be much easier for " "Amazon. And if some government such as China or the US told Amazon to do " "this, or cease to sell the product in that country, do you think Amazon " "would have the moral fiber to say no?" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(These crackers are probably hackers too, but please <a " "href=\"https://stallman.org/articles/on-hacking.html\"> don't use " "“hacking” to mean “breaking security”</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Siri, Alexa, and all the other voice-control systems can be <a " "href=\"https://www.fastcompany.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa\"> " "hijacked by programs that play commands in ultrasound that humans can't " "hear</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Some Samsung phones randomly <a " "href=\"https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages\">send " "photos to people in the owner's contact list</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "One of the dangers of the “internet of stings” is that, if you " "lose your internet service, you also <a " "href=\"https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/\"> " "lose control of your house and appliances</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "For your safety, don't use any appliance with a connection to the real " "internet." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Intel's intentional “management engine” back door has <a " "href=\"https://www.theregister.com/2017/11/20/intel_flags_firmware_flaws/\"> " "unintended back doors</a> too." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Amazon recently invited consumers to be suckers and <a " "href=\"https://www.techdirt.com/2017/11/22/vulnerability-found-amazon-key-again-showing-how-dumber-tech-is-often-smarter-option/\"> " "allow delivery staff to open their front doors</a>. Wouldn't you know it, " "the system has a grave security flaw." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Bad security in some cars makes it possible to <a " "href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937\"> " "remotely activate the airbags</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A “smart” intravenous pump designed for hospitals is connected " "to the internet. Naturally <a " "href=\"https://www.techdirt.com/2017/09/22/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack/\"> " "its security has been cracked</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Note that this article misuses the term <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">“hackers”</a> " "referring to crackers.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The bad security in many Internet of Stings devices allows <a " "href=\"https://www.techdirt.com/2017/08/28/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you/\">ISPs " "to snoop on the people that use them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "Don't be a sucker—reject all the stings." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(It is unfortunate that the article uses the term <a " "href=\"/philosophy/words-to-avoid.html#Monetize\">“monetize”</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many models of Internet-connected cameras <a " "href=\"/proprietary/proprietary-back-doors.html#InternetCameraBackDoor\"> " "have backdoors</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That is a malicious functionality, but in addition it is a gross insecurity " "since anyone, including malicious crackers, <a " "href=\"https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/\">can " "find those accounts and use them to get into users' cameras</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Intel's CPU backdoor—the Intel Management Engine—had a <a " "href=\"https://arstechnica.com/information-technology/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/\">major " "security vulnerability for 10 years</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The vulnerability allowed a cracker to access the computer's Intel Active " "Management Technology (AMT) <a " "href=\"https://arstechnica.com/information-technology/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/\"> " "web interface with an empty password and gave administrative access</a> to " "access the computer's keyboard, mouse, monitor among other privileges." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It does not help that in newer Intel processors, it is impossible to turn " "off the Intel Management Engine. Thus, even users who are proactive about " "their security can do nothing to protect themselves besides using machines " "that don't come with the backdoor." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The proprietary code that runs pacemakers, insulin pumps, and other medical " "devices is <a href=\"https://www.bbc.com/news/technology-40042584\"> full of " "gross security faults</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Conexant HD Audio Driver Package (version 1.0.0.46 and earlier) " "pre-installed on 28 models of HP laptops logged the user's keystroke to a " "file in the filesystem. Any process with access to the filesystem or the " "MapViewOfFile API could gain access to the log. Furthermore, <a " "href=\"https://www.modzero.com/advisories/MZ-17-01-Conexant-Keylogger.txt\">according " "to modzero</a> the “information-leak via Covert Storage Channel " "enables malware authors to capture keystrokes without taking the risk of " "being classified as malicious task by AV heuristics”." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Exploits of bugs in Windows, which were developed by the NSA and then leaked " "by the Shadowbrokers group, are now being used to <a " "href=\"https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/\">attack " "a great number of Windows computers with ransomware</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many Android devices <a " "href=\"https://arstechnica.com/information-technology/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/\"> " "can be hijacked through their Wi-Fi chips</a> because of a bug in Broadcom's " "nonfree firmware." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "When Miele's Internet of Stings hospital disinfectant dishwasher is <a " "href=\"https://www.vice.com/en/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit\"> " "connected to the Internet, its security is crap</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "For example, a cracker can gain access to the dishwasher's filesystem, " "infect it with malware, and force the dishwasher to launch attacks on other " "devices in the network. Since these dishwashers are used in hospitals, such " "attacks could potentially put hundreds of lives at risk." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The CIA exploited existing vulnerabilities in “smart” TVs and " "phones to design a malware that <a " "href=\"https://www.independent.co.uk/tech/wikileaks-vault-7-android-iphone-cia-phones-handsets-tv-smart-julian-assange-a7616651.html\"> " "spies through their microphones and cameras while making them appear to be " "turned off</a>. Since the spyware sniffs signals, it bypasses encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you buy a used “smart” car, house, TV, refrigerator, etc., " "usually <a " "href=\"https://boingboing.net/2017/02/20/the-previous-owners-of-used.html\">the " "previous owners can still remotely control it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The mobile apps for communicating <a " "href=\"https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/\">with " "a smart but foolish car have very bad security</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This is in addition to the fact that the car contains a cellular modem that " "tells big brother all the time where it is. If you own such a car, it would " "be wise to disconnect the modem so as to turn off the tracking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A cracker would be able to <a " "href=\"https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/\"> turn " "the Oculus Rift sensors into spy cameras</a> after breaking into the " "computer they are connected to." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<small>(Unfortunately, the article <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">improperly refers to " "crackers as “hackers”</a>.)</small>" msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung phones <a " "href=\"https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/\">have " "a security hole that allows an SMS message to install ransomware</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "WhatsApp has a feature that <a " "href=\"https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/\"> " "has been described as a “back door”</a> because it would enable " "governments to nullify its encryption." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The developers say that it wasn't intended as a back door, and that may well " "be true. But that leaves the crucial question of whether it functions as " "one. Because the program is nonfree, we cannot check by studying it." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The “smart” toys My Friend Cayla and i-Que can be <a " "href=\"https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws/\">remotely " "controlled with a mobile phone</a>; physical access is not necessary. This " "would enable crackers to listen in on a child's conversations, and even " "speak into the toys themselves." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "This means a burglar could speak into the toys and ask the child to unlock " "the front door while Mommy's not looking." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "4G LTE phone networks are drastically insecure. They can be <a " "href=\"https://www.theregister.com/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/\"> " "taken over by third parties and used for man-in-the-middle attacks</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Due to weak security, <a " "href=\"https://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844\">it " "is easy to open the doors of 100 million cars built by Volkswagen</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Ransomware <a " "href=\"https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/\"> " "has been developed for a thermostat that uses proprietary software</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A <a " "href=\"https://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/\">flaw " "in Internet Explorer and Edge</a> allows an attacker to retrieve Microsoft " "account credentials, if the user is tricked into visiting a malicious link." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/\">“Deleted” " "WhatsApp messages are not entirely deleted</a>. They can be recovered in " "various ways." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A vulnerability in Apple's Image I/O API allowed an attacker to <a " "href=\"https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple\">execute " "malicious code from any application which uses this API to render a certain " "kind of image file</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A bug in a proprietary ASN.1 library, used in cell phone towers as well as " "cell phones and routers, <a " "href=\"https://arstechnica.com/information-technology/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover/\">allows " "taking control of those systems</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Antivirus programs have so many errors that <a " "href=\"https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374\">they " "may make security worse</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "GNU/Linux does not need antivirus software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung's “Smart Home” has a big security hole; <a " "href=\"https://arstechnica.com/information-technology/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/\"> " "unauthorized people can remotely control it</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Samsung claims that this is an “open” platform so the problem is " "partly the fault of app developers. That is clearly true if the apps are " "proprietary software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Anything whose name is “Smart” is most likely going to screw " "you." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A bug in the iThings Messages app <a " "href=\"https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/\">allowed " "a malicious web site to extract all the user's messaging history</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Malware was found on <a " "href=\"http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html\"> " "security cameras available through Amazon</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A camera that records locally on physical media, and has no network " "connection, does not threaten people with surveillance—neither by " "watching people through the camera, nor through malware in the camera." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Over 70 brands of network-connected surveillance cameras have <a " "href=\"http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html\"> " "security bugs that allow anyone to watch through them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Many proprietary payment apps <a " "href=\"https://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data\">transmit " "personal data in an insecure way</a>. However, the worse aspect of these " "apps is that <a href=\"/philosophy/surveillance-vs-democracy.html\">payment " "is not anonymous</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The Nissan Leaf has a built-in cell phone modem which allows effectively " "anyone to <a " "href=\"https://www.troyhunt.com/controlling-vehicle-features-of-nissan/\"> " "access its computers remotely and make changes in various settings</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That's easy to do because the system has no authentication when accessed " "through the modem. However, even if it asked for authentication, you " "couldn't be confident that Nissan has no access. The software in the car is " "proprietary, <a " "href=\"/philosophy/free-software-even-more-important.html\">which means it " "demands blind faith from its users</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Even if no one connects to the car remotely, the cell phone modem enables " "the phone company to track the car's movements all the time; it is possible " "to physically remove the cell phone modem, though." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "A pacemaker running proprietary code <a " "href=\"https://www.wired.com/2016/02/i-want-to-know-what-code-is-running-inside-my-body/\">was " "misconfigured and could have killed the implanted person</a>. In order to " "find out what was wrong and get it fixed, the person needed to break into " "the remote device that sets parameters in the pacemaker (possibly infringing " "upon manufacturer's rights under the DMCA). If this system had run free " "software, it could have been fixed much sooner." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "FitBit fitness trackers have a <a " "href=\"https://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/\"> " "Bluetooth vulnerability</a> that allows attackers to send malware to the " "devices, which can subsequently spread to computers and other FitBit " "trackers that interact with them." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "“Self-encrypting” disk drives do the encryption with proprietary " "firmware so you can't trust it. Western Digital's “My Passport” " "drives <a " "href=\"https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption\"> " "have a back door</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Security researchers discovered a <a " "href=\"https://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text\"> " "vulnerability in diagnostic dongles used for vehicle tracking and " "insurance</a> that let them take remote control of a car or lorry using an " "SMS." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Crackers were able to <a " "href=\"https://arstechnica.com/information-technology/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/\"> " "take remote control of the Jeep</a> “connected car”. They could " "track the car, start or stop the engine, and activate or deactivate the " "brakes, and more." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "We expect that Chrysler and the NSA can do this too." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "If you own a car that contains a phone modem, it would be a good idea to " "deactivate this." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Due to bad security in a drug pump, crackers could use it to <a " "href=\"https://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/\"> " "kill patients</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html\"> " "Many smartphone apps use insecure authentication methods when storing your " "personal data on remote servers</a>. This leaves personal information like " "email addresses, passwords, and health information vulnerable. Because many " "of these apps are proprietary it makes it hard to impossible to know which " "apps are at risk." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Hospira infusion pumps, which are used to administer drugs to a patient, " "were rated “<a " "href=\"https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/\">least " "secure IP device I've ever seen</a>” by a security researcher." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Depending on what drug is being infused, the insecurity could open the door " "to murder." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Mac OS X had an <a " "href=\"https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/\"> " "intentional local back door for 4 years</a>, which could be exploited by " "attackers to gain root privileges." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "An app to prevent “identity theft” (access to personal data) by " "storing users' data on a special server <a " "href=\"https://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/\">was " "deactivated by its developer</a> which had discovered a security flaw." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "That developer seems to be conscientious about protecting personal data from " "third parties in general, but it can't protect that data from the state. " "Quite the contrary: confiding your data to someone else's server, if not " "first encrypted by you with free software, undermines your rights." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "Lots of <a " "href=\"https://www.wired.com/2014/04/hospital-equipment-vulnerable/\"> " "hospital equipment has lousy security</a>, and it can be fatal." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The <a " "href=\"https://arstechnica.com/information-technology/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/\">insecurity " "of WhatsApp</a> makes eavesdropping a snap." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"https://www.bunniestudios.com/blog/?p=3554\"> Some flash memories " "have modifiable software</a>, which makes them vulnerable to viruses." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "We don't call this a “back door” because it is normal that you " "can install a new system in a computer, given physical access to it. " "However, memory sticks and cards should not be modifiable in this way." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://arstechnica.com/information-technology/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/\"> " "Point-of-sale terminals running Windows were taken over</a> and turned into " "a botnet for the purpose of collecting customers' credit card numbers." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html\"> " "The NSA can tap data in smart phones, including iPhones, Android, and " "BlackBerry</a>. While there is not much detail here, it seems that this " "does not operate via the universal back door that we know nearly all " "portable phones have. It may involve exploiting various bugs. There are <a " "href=\"https://www.osnews.com/story/27416/the-second-operating-system-hiding-in-every-mobile-phone/\"> " "lots of bugs in the phones' radio software</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security\">The " "NSA has put back doors into nonfree encryption software</a>. We don't know " "which ones they are, but we can be sure they include some widely used " "systems. This reinforces the point that you can never trust the security of " "nonfree software." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "The FTC punished a company for making webcams with <a " "href=\"https://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html\"> " "bad security so that it was easy for anyone to watch through them</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a href=\"http://spritesmods.com/?art=hddhack&page=6\"> Replaceable " "nonfree software in disk drives can be written by a nonfree " "program</a>. This makes any system vulnerable to persistent attacks that " "normal forensics won't detect." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It is possible to <a " "href=\"https://siliconangle.com/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/\"> " "kill people by taking control of medical implants by radio</a>. More " "information in <a href=\"https://www.bbc.com/news/technology-17631838\">BBC " "News</a> and <a " "href=\"https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/\"> " "IOActive Labs Research blog</a>." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"https://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/\"> " "“Smart homes”</a> turn out to be stupidly vulnerable to " "intrusion." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "<a " "href=\"http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html\"> " "Crackers found a way to break security on a “smart” TV</a> and " "use its camera to watch the people who are watching TV." msgstr "" #. type: Content of: <div><div><ul><li><p> msgid "" "It is possible to <a " "href=\"https://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/\"> " "take control of some car computers through malware in music files</a>. Also " "<a href=\"https://www.nytimes.com/2011/03/10/business/10hack.html\"> by " "radio</a>. More information in <a href=\"http://www.autosec.org/faq.html\"> " "Automotive Security And Privacy Center</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*" msgstr "" #. type: Content of: <div><div><p> msgid "" "Please send general FSF & GNU inquiries to <a " "href=\"mailto:gnu@gnu.org\"><gnu@gnu.org></a>. There are also <a " "href=\"/contact/\">other ways to contact</a> the FSF. Broken links and " "other corrections or suggestions can be sent to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a>." msgstr "" #. TRANSLATORS: Ignore the original text in this paragraph, #. replace it with the translation of these two: # #. We work hard and do our best to provide accurate, good quality #. translations. However, we are not exempt from imperfection. #. Please send your comments and general suggestions in this regard #. to <a href="mailto:web-translators@gnu.org"> # #. <web-translators@gnu.org></a>.</p> # #. <p>For information on coordinating and contributing translations of #. our web pages, see <a #. href="/server/standards/README.translations.html">Translations #. README</a>. #. type: Content of: <div><div><p> msgid "" "Please see the <a " "href=\"/server/standards/README.translations.html\">Translations README</a> " "for information on coordinating and contributing translations of this " "article." msgstr "" #. type: Content of: <div><p> msgid "Copyright © 2013, 2015-2022 Free Software Foundation, Inc." msgstr "" #. type: Content of: <div><p> msgid "" "This page is licensed under a <a rel=\"license\" " "href=\"http://creativecommons.org/licenses/by/4.0/\">Creative Commons " "Attribution 4.0 International License</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't want credits. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S CREDITS*" msgstr "" #. timestamp start #. type: Content of: <div><p> msgid "Updated:" msgstr ""