msgid "Proprietary Insecurity - GNU Project - Free Software Foundation" msgstr "" #. type: Content of: <div><p> msgid "" "<a href=\"/proprietary/proprietary.html\">Proprietary malware</a> → " "Insecurity" msgstr "" #. type: Content of: <div><h2> msgid "Proprietary Insecurity" msgstr "" #. type: Content of: <div><div><p> msgid "" "Nonfree (proprietary) software is very often malware (designed to mistreat " "the user). Nonfree software is controlled by its developers, which puts them " "in a position of power over the users; <a " "href=\"/philosophy/free-software-even-more-important.html\">that is the " "basic injustice</a>. The developers and manufacturers often exercise that " "power to the detriment of the users they ought to serve." msgstr "" #. type: Content of: <div><div><p> msgid "This typically takes the form of malicious functionalities." msgstr "" #. type: Content of: <div><div><p> msgid "" "This page lists clearly established cases of insecurity in proprietary " "software that has grave consequences or is otherwise noteworthy. Even though " "most of these security flaws are unintentional, thus are not malicious " "functionalities in a strict sense, we report them to show that proprietary " "software is not immune to bugs, and is often quite sloppy." msgstr "" #. type: Content of: <div><div><p> msgid "" "All complex programs, whether free or proprietary, contain bugs. What makes " "bugs more dangerous in proprietary software is that users are <em>helpless " "to fix any security problems that arise</em>. Keeping the users helpless is " "what's culpable about proprietary software." msgstr "" #. type: Content of: <div><div><p> msgid "" "If you know of an example that ought to be in this page but isn't here, " "please write to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a> to inform " "us. Please include the URL of a trustworthy reference or two to serve as " "specific substantiation." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A series of vulnerabilities <a " "href=\"https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/\">found " "in iOS allowed attackers to gain access to sensitive information including " "private messages, passwords, photos and contacts stored on the user's " "iMonster</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The deep insecurity of iMonsters is even more pertinent given that Apple's " "proprietary software makes users totally dependent on Apple for even a " "modicum of security. It also means that the devices do not even try to " "offer security against Apple itself." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Out of 21 gratis Android antivirus apps that were tested by security " "researchers, eight <a " "href=\"https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/\"> " "failed to detect a test virus</a>. All of them asked for dangerous " "permissions or contained advertising trackers, with seven being more risky " "than the average of the 100 most popular Android apps." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<small>(Note that the article refers to these proprietary apps as " "“free”. It should have said “gratis” " "instead.)</small>" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Many Android apps can track users' movements even when the user says <a " "href=\"https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location\"> " "not to allow them access to locations</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "This involves an apparently unintentional weakness in Android, exploited " "intentionally by malicious apps." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Users caught in the jail of an iMonster are <a " "href=\"https://boingboing.net/2019/05/15/brittle-security.html\"> sitting " "ducks for other attackers</a>, and the app censorship prevents security " "companies from figuring out how those attacks work." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Apple's censorship of apps is fundamentally unjust, and would be inexcusable " "even if it didn't lead to security threats as well." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The Medtronics Conexus Telemetry Protocol has <a " "href=\"http://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/\"> " "two vulnerabilities that affect several models of implantable " "defibrillators</a> and the devices they connect to." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "This protocol has been around since 2006, and similar vulnerabilities were " "discovered in an earlier Medtronics communication protocol in " "2008. Apparently, nothing was done by the company to correct them. This " "means you can't rely on proprietary software developers to fix bugs in their " "products." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The Ring (now Amazon) doorbell camera is designed so that the manufacturer " "(now Amazon) can watch all the time. Now it turns out that <a " "href=\"https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/\"> anyone " "else can also watch, and fake videos too</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The third party vulnerability is presumably unintentional and Amazon will " "probably fix it. However, we do not expect Amazon to change the design that " "<a href=\"/proprietary/proprietary-surveillance.html#M201901100\">allows " "Amazon to watch</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Researchers have discovered how to <a " "href=\"http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co\"> " "hide voice commands in other audio</a>, so that people cannot hear them, but " "Alexa and Siri can." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Crackers found a way to break the security of an Amazon device, and <a " "href=\"https://boingboing.net/2018/08/12/alexa-bob-carol.html\"> turn it " "into a listening device</a> for them." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "It was very difficult for them to do this. The job would be much easier for " "Amazon. And if some government such as China or the US told Amazon to do " "this, or cease to sell the product in that country, do you think Amazon " "would have the moral fiber to say no?" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<small>(These crackers are probably hackers too, but please <a " "href=\"https://stallman.org/articles/on-hacking.html\"> don't use " "“hacking” to mean “breaking security”</a>.)</small>" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Siri, Alexa, and all the other voice-control systems can be <a " "href=\"https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa\"> " "hijacked by programs that play commands in ultrasound that humans can't " "hear</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Some Samsung phones randomly <a " "href=\"https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages\">send " "photos to people in the owner's contact list</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "One of the dangers of the “internet of stings” is that, if you " "lose your internet service, you also <a " "href=\"https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/\"> " "lose control of your house and appliances</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "For your safety, don't use any appliance with a connection to the real " "internet." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Intel's intentional “management engine” back door has <a " "href=\"https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/\"> " "unintended back doors</a> too." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Amazon recently invited consumers to be suckers and <a " "href=\"https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo\"> " "allow delivery staff to open their front doors</a>. Wouldn't you know it, " "the system has a grave security flaw." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Bad security in some cars makes it possible to <a " "href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937\"> " "remotely activate the airbags</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A “smart” intravenous pump designed for hospitals is connected " "to the internet. Naturally <a " "href=\"https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml\"> " "its security has been cracked</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<small>(Note that this article misuses the term <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">“hackers”</a> " "referring to crackers.)</small>" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The bad security in many Internet of Stings devices allows <a " "href=\"https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml\">ISPs " "to snoop on the people that use them</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "Don't be a sucker—reject all the stings." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<small>(It is unfortunate that the article uses the term <a " "href=\"/philosophy/words-to-avoid.html#Monetize\">“monetize”</a>.)</small>" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Many models of Internet-connected cameras <a " "href=\"/proprietary/proprietary-back-doors.html#InternetCameraBackDoor\"> " "have backdoors</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "That is a malicious functionality, but in addition it is a gross insecurity " "since anyone, including malicious crackers, <a " "href=\"https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/\">can " "find those accounts and use them to get into users' cameras</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Intel's CPU backdoor—the Intel Management Engine—had a <a " "href=\"https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/\">major " "security vulnerability for 10 years</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The vulnerability allowed a cracker to access the computer's Intel Active " "Management Technology (AMT) <a " "href=\"https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/\"> " "web interface with an empty password and gave administrative access</a> to " "access the computer's keyboard, mouse, monitor among other privileges." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "It does not help that in newer Intel processors, it is impossible to turn " "off the Intel Management Engine. Thus, even users who are proactive about " "their security can do nothing to protect themselves besides using machines " "that don't come with the backdoor." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The proprietary code that runs pacemakers, insulin pumps, and other medical " "devices is <a href=\"http://www.bbc.co.uk/news/technology-40042584\"> full " "of gross security faults</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Conexant HD Audio Driver Package (version 1.0.0.46 and earlier) " "pre-installed on 28 models of HP laptops logged the user's keystroke to a " "file in the filesystem. Any process with access to the filesystem or the " "MapViewOfFile API could gain access to the log. Furthermore, <a " "href=\"https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt\">according " "to modzero</a> the “information-leak via Covert Storage Channel " "enables malware authors to capture keystrokes without taking the risk of " "being classified as malicious task by AV heuristics”." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Exploits of bugs in Windows, which were developed by the NSA and then leaked " "by the Shadowbrokers group, are now being used to <a " "href=\"https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/\">attack " "a great number of Windows computers with ransomware</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Many Android devices <a " "href=\"https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/\"> " "can be hijacked through their Wi-Fi chips</a> because of a bug in Broadcom's " "non-free firmware." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "When Miele's Internet of Stings hospital disinfectant dishwasher is <a " "href=\"https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit\"> " "connected to the Internet, its security is crap</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "For example, a cracker can gain access to the dishwasher's filesystem, " "infect it with malware, and force the dishwasher to launch attacks on other " "devices in the network. Since these dishwashers are used in hospitals, such " "attacks could potentially put hundreds of lives at risk." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "If you buy a used “smart” car, house, TV, refrigerator, etc., " "usually <a " "href=\"http://boingboing.net/2017/02/20/the-previous-owners-of-used.html\">the " "previous owners can still remotely control it</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The mobile apps for communicating <a " "href=\"https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/\">with " "a smart but foolish car have very bad security</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "This is in addition to the fact that the car contains a cellular modem that " "tells big brother all the time where it is. If you own such a car, it would " "be wise to disconnect the modem so as to turn off the tracking." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A cracker would be able to <a " "href=\"https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/\"> turn " "the Oculus Rift sensors into spy cameras</a> after breaking into the " "computer they are connected to." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<small>(Unfortunately, the article <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">improperly refers to " "crackers as “hackers”</a>.)</small>" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Samsung phones <a " "href=\"https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/\">have " "a security hole that allows an SMS message to install ransomware</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "WhatsApp has a feature that <a " "href=\"https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/\"> " "has been described as a “back door”</a> because it would enable " "governments to nullify its encryption." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The developers say that it wasn't intended as a back door, and that may well " "be true. But that leaves the crucial question of whether it functions as " "one. Because the program is nonfree, we cannot check by studying it." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The “smart” toys My Friend Cayla and i-Que can be <a " "href=\"https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws\">remotely " "controlled with a mobile phone</a>; physical access is not necessary. This " "would enable crackers to listen in on a child's conversations, and even " "speak into the toys themselves." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "This means a burglar could speak into the toys and ask the child to unlock " "the front door while Mommy's not looking." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "4G LTE phone networks are drastically insecure. They can be <a " "href=\"https://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/\"> " "taken over by third parties and used for man-in-the-middle attacks</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Due to weak security, <a " "href=\"http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844\">it " "is easy to open the doors of 100 million cars built by Volkswagen</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Ransomware <a " "href=\"https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/\"> " "has been developed for a thermostat that uses proprietary software</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A <a " "href=\"http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/\">flaw " "in Internet Explorer and Edge</a> allows an attacker to retrieve Microsoft " "account credentials, if the user is tricked into visiting a malicious link." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/\">“Deleted” " "WhatsApp messages are not entirely deleted</a>. They can be recovered in " "various ways." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A vulnerability in Apple's Image I/O API allowed an attacker to <a " "href=\"https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple\">execute " "malicious code from any application which uses this API to render a certain " "kind of image file</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A bug in a proprietary ASN.1 library, used in cell phone towers as well as " "cell phones and routers, <a " "href=\"http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover\">allows " "taking control of those systems</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Antivirus programs have so many errors that <a " "href=\"https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374\">they " "may make security worse</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "GNU/Linux does not need antivirus software." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Samsung's “Smart Home” has a big security hole; <a " "href=\"http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/\"> " "unauthorized people can remotely control it</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Samsung claims that this is an “open” platform so the problem is " "partly the fault of app developers. That is clearly true if the apps are " "proprietary software." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Anything whose name is “Smart” is most likely going to screw " "you." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A bug in the iThings Messages app <a " "href=\"https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/\">allowed " "a malicious web site to extract all the user's messaging history</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Malware was found on <a " "href=\"http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html\"> " "security cameras available through Amazon</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A camera that records locally on physical media, and has no network " "connection, does not threaten people with surveillance—neither by " "watching people through the camera, nor through malware in the camera." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Over 70 brands of network-connected surveillance cameras have <a " "href=\"http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html\"> " "security bugs that allow anyone to watch through them</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Many proprietary payment apps <a " "href=\"http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data\">transmit " "personal data in an insecure way</a>. However, the worse aspect of these " "apps is that <a href=\"/philosophy/surveillance-vs-democracy.html\">payment " "is not anonymous</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The Nissan Leaf has a built-in cell phone modem which allows effectively " "anyone to <a " "href=\"https://www.troyhunt.com/controlling-vehicle-features-of-nissan/\"> " "access its computers remotely and make changes in various settings</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "That's easy to do because the system has no authentication when accessed " "through the modem. However, even if it asked for authentication, you " "couldn't be confident that Nissan has no access. The software in the car is " "proprietary, <a " "href=\"/philosophy/free-software-even-more-important.html\">which means it " "demands blind faith from its users</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Even if no one connects to the car remotely, the cell phone modem enables " "the phone company to track the car's movements all the time; it is possible " "to physically remove the cell phone modem, though." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "FitBit fitness trackers have a <a " "href=\"http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/\"> " "Bluetooth vulnerability</a> that allows attackers to send malware to the " "devices, which can subsequently spread to computers and other FitBit " "trackers that interact with them." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "“Self-encrypting” disk drives do the encryption with proprietary " "firmware so you can't trust it. Western Digital's “My Passport” " "drives <a " "href=\"https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption\"> " "have a back door</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Security researchers discovered a <a " "href=\"http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text\"> " "vulnerability in diagnostic dongles used for vehicle tracking and " "insurance</a> that let them take remote control of a car or lorry using an " "SMS." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Crackers were able to <a " "href=\"http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/\"> " "take remote control of the Jeep</a> “connected car”. They could " "track the car, start or stop the engine, and activate or deactivate the " "brakes, and more." msgstr "" #. type: Content of: <div><ul><li><p> msgid "We expect that Chrysler and the NSA can do this too." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "If you own a car that contains a phone modem, it would be a good idea to " "deactivate this." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Due to bad security in a drug pump, crackers could use it to <a " "href=\"http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/\"> " "kill patients</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html\"> " "Many smartphone apps use insecure authentication methods when storing your " "personal data on remote servers</a>. This leaves personal information like " "email addresses, passwords, and health information vulnerable. Because many " "of these apps are proprietary it makes it hard to impossible to know which " "apps are at risk." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Hospira infusion pumps, which are used to administer drugs to a patient, " "were rated “<a " "href=\"https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/\">least " "secure IP device I've ever seen</a>” by a security researcher." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Depending on what drug is being infused, the insecurity could open the door " "to murder." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Mac OS X had an <a " "href=\"https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/\"> " "intentional local back door for 4 years</a>, which could be exploited by " "attackers to gain root privileges." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "An app to prevent “identity theft” (access to personal data) by " "storing users' data on a special server <a " "href=\"http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/\">was " "deactivated by its developer</a> which had discovered a security flaw." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "That developer seems to be conscientious about protecting personal data from " "third parties in general, but it can't protect that data from the state. " "Quite the contrary: confiding your data to someone else's server, if not " "first encrypted by you with free software, undermines your rights." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Lots of <a " "href=\"http://www.wired.com/2014/04/hospital-equipment-vulnerable/\"> " "hospital equipment has lousy security</a>, and it can be fatal." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The <a " "href=\"http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/\">insecurity " "of WhatsApp</a> makes eavesdropping a snap." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a href=\"http://www.bunniestudios.com/blog/?p=3554\"> Some flash memories " "have modifiable software</a>, which makes them vulnerable to viruses." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "We don't call this a “back door” because it is normal that you " "can install a new system in a computer, given physical access to it. " "However, memory sticks and cards should not be modifiable in this way." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/\"> " "Point-of-sale terminals running Windows were taken over</a> and turned into " "a botnet for the purpose of collecting customers' credit card numbers." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html\"> " "The NSA can tap data in smart phones, including iPhones, Android, and " "BlackBerry</a>. While there is not much detail here, it seems that this " "does not operate via the universal back door that we know nearly all " "portable phones have. It may involve exploiting various bugs. There are <a " "href=\"http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone\"> " "lots of bugs in the phones' radio software</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security\">The " "NSA has put back doors into nonfree encryption software</a>. We don't know " "which ones they are, but we can be sure they include some widely used " "systems. This reinforces the point that you can never trust the security of " "nonfree software." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The FTC punished a company for making webcams with <a " "href=\"http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html\"> " "bad security so that it was easy for anyone to watch through them</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a href=\"http://spritesmods.com/?art=hddhack&page=6\"> Replaceable " "nonfree software in disk drives can be written by a nonfree " "program</a>. This makes any system vulnerable to persistent attacks that " "normal forensics won't detect." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "It is possible to <a " "href=\"http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/\"> " "kill people by taking control of medical implants by radio</a>. More " "information in <a href=\"http://www.bbc.co.uk/news/technology-17631838\">BBC " "News</a> and <a " "href=\"https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/\"> " "IOActive Labs Research blog</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/\"> " "“Smart homes”</a> turn out to be stupidly vulnerable to " "intrusion." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html\"> " "Crackers found a way to break security on a “smart” TV</a> and " "use its camera to watch the people who are watching TV." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "It is possible to <a " "href=\"http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/\"> " "take control of some car computers through malware in music files</a>. Also " "<a href=\"http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0\"> by " "radio</a>. More information in <a href=\"http://www.autosec.org/faq.html\"> " "Automotive Security And Privacy Center</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes. #. type: Content of: <div> msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*" msgstr "" #. type: Content of: <div><div><p> msgid "" "Please send general FSF & GNU inquiries to <a " "href=\"mailto:gnu@gnu.org\"><gnu@gnu.org></a>. There are also <a " "href=\"/contact/\">other ways to contact</a> the FSF. Broken links and " "other corrections or suggestions can be sent to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a>." msgstr "" #. TRANSLATORS: Ignore the original text in this paragraph, #. replace it with the translation of these two: # #. We work hard and do our best to provide accurate, good quality #. translations. However, we are not exempt from imperfection. #. Please send your comments and general suggestions in this regard #. to <a href="mailto:web-translators@gnu.org"> # #. <web-translators@gnu.org></a>.</p> # #. <p>For information on coordinating and submitting translations of #. our web pages, see <a #. href="/server/standards/README.translations.html">Translations #. README</a>. #. type: Content of: <div><div><p> msgid "" "Please see the <a " "href=\"/server/standards/README.translations.html\">Translations README</a> " "for information on coordinating and submitting translations of this article." msgstr "" #. type: Content of: <div><p> msgid "" "Copyright © 2013, 2015, 2016, 2017, 2018, 2019 Free Software " "Foundation, Inc." msgstr "" #. type: Content of: <div><p> msgid "" "This page is licensed under a <a rel=\"license\" " "href=\"http://creativecommons.org/licenses/by/4.0/\">Creative Commons " "Attribution 4.0 International License</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't want credits. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S CREDITS*" msgstr "" #. timestamp start #. type: Content of: <div><p> msgid "Updated:" msgstr ""

# LANGUAGE translation of https://www.gnu.org/proprietary/proprietary-insecurity.html # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the original article. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: proprietary-insecurity.html\n" "POT-Creation-Date: 2019-11-18 14:55+0000\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=CHARSET\n" "Content-Transfer-Encoding: 8bit\n" #. type: Content of: msgid "Proprietary Insecurity - GNU Project - Free Software Foundation" msgstr "" #. type: Content of: <div><p> msgid "" "<a href=\"/proprietary/proprietary.html\">Proprietary malware</a> → " "Insecurity" msgstr "" #. type: Content of: <div><h2> msgid "Proprietary Insecurity" msgstr "" #. type: Content of: <div><div><p> msgid "" "Nonfree (proprietary) software is very often malware (designed to mistreat " "the user). Nonfree software is controlled by its developers, which puts them " "in a position of power over the users; <a " "href=\"/philosophy/free-software-even-more-important.html\">that is the " "basic injustice</a>. The developers and manufacturers often exercise that " "power to the detriment of the users they ought to serve." msgstr "" #. type: Content of: <div><div><p> msgid "This typically takes the form of malicious functionalities." msgstr "" #. type: Content of: <div><div><p> msgid "" "This page lists clearly established cases of insecurity in proprietary " "software that has grave consequences or is otherwise noteworthy. Even though " "most of these security flaws are unintentional, thus are not malicious " "functionalities in a strict sense, we report them to show that proprietary " "software is not immune to bugs, and is often quite sloppy." msgstr "" #. type: Content of: <div><div><p> msgid "" "All complex programs, whether free or proprietary, contain bugs. What makes " "bugs more dangerous in proprietary software is that users are <em>helpless " "to fix any security problems that arise</em>. Keeping the users helpless is " "what's culpable about proprietary software." msgstr "" #. type: Content of: <div><div><p> msgid "" "If you know of an example that ought to be in this page but isn't here, " "please write to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a> to inform " "us. Please include the URL of a trustworthy reference or two to serve as " "specific substantiation." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A series of vulnerabilities <a " "href=\"https://www.forbes.com/sites/gordonkelly/2019/08/31/apple-iphone-ipad-security-ios-upgrade-iphone-xs-max-xr-update/\">found " "in iOS allowed attackers to gain access to sensitive information including " "private messages, passwords, photos and contacts stored on the user's " "iMonster</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The deep insecurity of iMonsters is even more pertinent given that Apple's " "proprietary software makes users totally dependent on Apple for even a " "modicum of security. It also means that the devices do not even try to " "offer security against Apple itself." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Out of 21 gratis Android antivirus apps that were tested by security " "researchers, eight <a " "href=\"https://www.comparitech.com/antivirus/android-antivirus-vulnerabilities/\"> " "failed to detect a test virus</a>. All of them asked for dangerous " "permissions or contained advertising trackers, with seven being more risky " "than the average of the 100 most popular Android apps." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<small>(Note that the article refers to these proprietary apps as " "“free”. It should have said “gratis” " "instead.)</small>" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Many Android apps can track users' movements even when the user says <a " "href=\"https://www.theverge.com/2019/7/8/20686514/android-covert-channel-permissions-data-collection-imei-ssid-location\"> " "not to allow them access to locations</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "This involves an apparently unintentional weakness in Android, exploited " "intentionally by malicious apps." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Users caught in the jail of an iMonster are <a " "href=\"https://boingboing.net/2019/05/15/brittle-security.html\"> sitting " "ducks for other attackers</a>, and the app censorship prevents security " "companies from figuring out how those attacks work." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Apple's censorship of apps is fundamentally unjust, and would be inexcusable " "even if it didn't lead to security threats as well." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The Medtronics Conexus Telemetry Protocol has <a " "href=\"http://www.startribune.com/750-000-medtronic-defibrillators-vulnerable-to-hacking/507470932/\"> " "two vulnerabilities that affect several models of implantable " "defibrillators</a> and the devices they connect to." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "This protocol has been around since 2006, and similar vulnerabilities were " "discovered in an earlier Medtronics communication protocol in " "2008. Apparently, nothing was done by the company to correct them. This " "means you can't rely on proprietary software developers to fix bugs in their " "products." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The Ring (now Amazon) doorbell camera is designed so that the manufacturer " "(now Amazon) can watch all the time. Now it turns out that <a " "href=\"https://dojo.bullguard.com/dojo-by-bullguard/blog/ring/\"> anyone " "else can also watch, and fake videos too</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The third party vulnerability is presumably unintentional and Amazon will " "probably fix it. However, we do not expect Amazon to change the design that " "<a href=\"/proprietary/proprietary-surveillance.html#M201901100\">allows " "Amazon to watch</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Researchers have discovered how to <a " "href=\"http://news.rub.de/english/press-releases/2018-09-24-it-security-secret-messages-alexa-and-co\"> " "hide voice commands in other audio</a>, so that people cannot hear them, but " "Alexa and Siri can." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Crackers found a way to break the security of an Amazon device, and <a " "href=\"https://boingboing.net/2018/08/12/alexa-bob-carol.html\"> turn it " "into a listening device</a> for them." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "It was very difficult for them to do this. The job would be much easier for " "Amazon. And if some government such as China or the US told Amazon to do " "this, or cease to sell the product in that country, do you think Amazon " "would have the moral fiber to say no?" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<small>(These crackers are probably hackers too, but please <a " "href=\"https://stallman.org/articles/on-hacking.html\"> don't use " "“hacking” to mean “breaking security”</a>.)</small>" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Siri, Alexa, and all the other voice-control systems can be <a " "href=\"https://www.fastcodesign.com/90139019/a-simple-design-flaw-makes-it-astoundingly-easy-to-hack-siri-and-alexa\"> " "hijacked by programs that play commands in ultrasound that humans can't " "hear</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Some Samsung phones randomly <a " "href=\"https://www.theverge.com/circuitbreaker/2018/7/2/17528076/samsung-phones-text-rcs-update-messages\">send " "photos to people in the owner's contact list</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "One of the dangers of the “internet of stings” is that, if you " "lose your internet service, you also <a " "href=\"https://torrentfreak.com/piracy-notices-can-mess-with-your-thermostat-isp-warns-171224/\"> " "lose control of your house and appliances</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "For your safety, don't use any appliance with a connection to the real " "internet." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Intel's intentional “management engine” back door has <a " "href=\"https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/\"> " "unintended back doors</a> too." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Amazon recently invited consumers to be suckers and <a " "href=\"https://www.techdirt.com/articles/20171120/10533238651/vulnerability-fo\"> " "allow delivery staff to open their front doors</a>. Wouldn't you know it, " "the system has a grave security flaw." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Bad security in some cars makes it possible to <a " "href=\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14937\"> " "remotely activate the airbags</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A “smart” intravenous pump designed for hospitals is connected " "to the internet. Naturally <a " "href=\"https://www.techdirt.com/articles/20170920/09450338247/smart-hospital-iv-pump-vulnerable-to-remote-hack-attack.shtml\"> " "its security has been cracked</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<small>(Note that this article misuses the term <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">“hackers”</a> " "referring to crackers.)</small>" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The bad security in many Internet of Stings devices allows <a " "href=\"https://www.techdirt.com/articles/20170828/08152938092/iot-devices-provide-comcast-wonderful-new-opportunity-to-spy-you.shtml\">ISPs " "to snoop on the people that use them</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "Don't be a sucker—reject all the stings." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<small>(It is unfortunate that the article uses the term <a " "href=\"/philosophy/words-to-avoid.html#Monetize\">“monetize”</a>.)</small>" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Many models of Internet-connected cameras <a " "href=\"/proprietary/proprietary-back-doors.html#InternetCameraBackDoor\"> " "have backdoors</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "That is a malicious functionality, but in addition it is a gross insecurity " "since anyone, including malicious crackers, <a " "href=\"https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/\">can " "find those accounts and use them to get into users' cameras</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Intel's CPU backdoor—the Intel Management Engine—had a <a " "href=\"https://arstechnica.com/security/2017/05/intel-patches-remote-code-execution-bug-that-lurked-in-cpus-for-10-years/\">major " "security vulnerability for 10 years</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The vulnerability allowed a cracker to access the computer's Intel Active " "Management Technology (AMT) <a " "href=\"https://arstechnica.com/security/2017/05/the-hijacking-flaw-that-lurked-in-intel-chips-is-worse-than-anyone-thought/\"> " "web interface with an empty password and gave administrative access</a> to " "access the computer's keyboard, mouse, monitor among other privileges." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "It does not help that in newer Intel processors, it is impossible to turn " "off the Intel Management Engine. Thus, even users who are proactive about " "their security can do nothing to protect themselves besides using machines " "that don't come with the backdoor." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The proprietary code that runs pacemakers, insulin pumps, and other medical " "devices is <a href=\"http://www.bbc.co.uk/news/technology-40042584\"> full " "of gross security faults</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Conexant HD Audio Driver Package (version 1.0.0.46 and earlier) " "pre-installed on 28 models of HP laptops logged the user's keystroke to a " "file in the filesystem. Any process with access to the filesystem or the " "MapViewOfFile API could gain access to the log. Furthermore, <a " "href=\"https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt\">according " "to modzero</a> the “information-leak via Covert Storage Channel " "enables malware authors to capture keystrokes without taking the risk of " "being classified as malicious task by AV heuristics”." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Exploits of bugs in Windows, which were developed by the NSA and then leaked " "by the Shadowbrokers group, are now being used to <a " "href=\"https://theintercept.com/2017/05/12/the-nsas-lost-digital-weapon-is-helping-hijack-computers-around-the-world/\">attack " "a great number of Windows computers with ransomware</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Many Android devices <a " "href=\"https://arstechnica.com/security/2017/04/wide-range-of-android-phones-vulnerable-to-device-hijacks-over-wi-fi/\"> " "can be hijacked through their Wi-Fi chips</a> because of a bug in Broadcom's " "non-free firmware." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "When Miele's Internet of Stings hospital disinfectant dishwasher is <a " "href=\"https://motherboard.vice.com/en_us/article/pg9qkv/a-hackable-dishwasher-is-connecting-hospitals-to-the-internet-of-shit\"> " "connected to the Internet, its security is crap</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "For example, a cracker can gain access to the dishwasher's filesystem, " "infect it with malware, and force the dishwasher to launch attacks on other " "devices in the network. Since these dishwashers are used in hospitals, such " "attacks could potentially put hundreds of lives at risk." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "If you buy a used “smart” car, house, TV, refrigerator, etc., " "usually <a " "href=\"http://boingboing.net/2017/02/20/the-previous-owners-of-used.html\">the " "previous owners can still remotely control it</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The mobile apps for communicating <a " "href=\"https://www.bleepingcomputer.com/news/security/millions-of-smart-cars-vulnerable-due-to-insecure-android-apps/\">with " "a smart but foolish car have very bad security</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "This is in addition to the fact that the car contains a cellular modem that " "tells big brother all the time where it is. If you own such a car, it would " "be wise to disconnect the modem so as to turn off the tracking." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A cracker would be able to <a " "href=\"https://uploadvr.com/hackable-webcam-oculus-sensor-be-aware/\"> turn " "the Oculus Rift sensors into spy cameras</a> after breaking into the " "computer they are connected to." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<small>(Unfortunately, the article <a " "href=\"/philosophy/words-to-avoid.html#Hacker\">improperly refers to " "crackers as “hackers”</a>.)</small>" msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Samsung phones <a " "href=\"https://www.bleepingcomputer.com/news/security/sms-exploitable-bug-in-samsung-galaxy-phones-can-be-used-for-ransomware-attacks/\">have " "a security hole that allows an SMS message to install ransomware</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "WhatsApp has a feature that <a " "href=\"https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/\"> " "has been described as a “back door”</a> because it would enable " "governments to nullify its encryption." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The developers say that it wasn't intended as a back door, and that may well " "be true. But that leaves the crucial question of whether it functions as " "one. Because the program is nonfree, we cannot check by studying it." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The “smart” toys My Friend Cayla and i-Que can be <a " "href=\"https://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws\">remotely " "controlled with a mobile phone</a>; physical access is not necessary. This " "would enable crackers to listen in on a child's conversations, and even " "speak into the toys themselves." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "This means a burglar could speak into the toys and ask the child to unlock " "the front door while Mommy's not looking." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "4G LTE phone networks are drastically insecure. They can be <a " "href=\"https://www.theregister.co.uk/2016/10/23/every_lte_call_text_can_be_intercepted_blacked_out_hacker_finds/\"> " "taken over by third parties and used for man-in-the-middle attacks</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Due to weak security, <a " "href=\"http://jalopnik.com/almost-every-volkswagen-built-since-1995-is-vulnerable-1785159844\">it " "is easy to open the doors of 100 million cars built by Volkswagen</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Ransomware <a " "href=\"https://www.pentestpartners.com/security-blog/thermostat-ransomware-a-lesson-in-iot-security/\"> " "has been developed for a thermostat that uses proprietary software</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A <a " "href=\"http://www.zdnet.com/article/windows-attack-can-steal-your-username-password-and-other-logins/\">flaw " "in Internet Explorer and Edge</a> allows an attacker to retrieve Microsoft " "account credentials, if the user is tricked into visiting a malicious link." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"https://techcrunch.com/2016/07/29/research-shows-deleted-whatsapp-messages-arent-actually-deleted/\">“Deleted” " "WhatsApp messages are not entirely deleted</a>. They can be recovered in " "various ways." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A vulnerability in Apple's Image I/O API allowed an attacker to <a " "href=\"https://www.theguardian.com/technology/2016/jul/22/stagefright-flaw-ios-iphone-imessage-apple\">execute " "malicious code from any application which uses this API to render a certain " "kind of image file</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A bug in a proprietary ASN.1 library, used in cell phone towers as well as " "cell phones and routers, <a " "href=\"http://arstechnica.com/security/2016/07/software-flaw-puts-mobile-phones-and-networks-at-risk-of-complete-takeover\">allows " "taking control of those systems</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Antivirus programs have so many errors that <a " "href=\"https://theconversation.com/as-more-vulnerabilities-are-discovered-is-it-time-to-uninstall-antivirus-software-61374\">they " "may make security worse</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "GNU/Linux does not need antivirus software." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Samsung's “Smart Home” has a big security hole; <a " "href=\"http://arstechnica.com/security/2016/05/samsung-smart-home-flaws-lets-hackers-make-keys-to-front-door/\"> " "unauthorized people can remotely control it</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Samsung claims that this is an “open” platform so the problem is " "partly the fault of app developers. That is clearly true if the apps are " "proprietary software." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Anything whose name is “Smart” is most likely going to screw " "you." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A bug in the iThings Messages app <a " "href=\"https://theintercept.com/2016/04/12/apple-bug-exposed-chat-history-with-a-single-click/\">allowed " "a malicious web site to extract all the user's messaging history</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Malware was found on <a " "href=\"http://www.slate.com/blogs/future_tense/2016/04/11/security_cameras_sold_through_amazon_have_malware_according_to_security.html\"> " "security cameras available through Amazon</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "A camera that records locally on physical media, and has no network " "connection, does not threaten people with surveillance—neither by " "watching people through the camera, nor through malware in the camera." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Over 70 brands of network-connected surveillance cameras have <a " "href=\"http://www.kerneronsec.com/2016/02/remote-code-execution-in-cctv-dvrs-of.html\"> " "security bugs that allow anyone to watch through them</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Many proprietary payment apps <a " "href=\"http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data\">transmit " "personal data in an insecure way</a>. However, the worse aspect of these " "apps is that <a href=\"/philosophy/surveillance-vs-democracy.html\">payment " "is not anonymous</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The Nissan Leaf has a built-in cell phone modem which allows effectively " "anyone to <a " "href=\"https://www.troyhunt.com/controlling-vehicle-features-of-nissan/\"> " "access its computers remotely and make changes in various settings</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "That's easy to do because the system has no authentication when accessed " "through the modem. However, even if it asked for authentication, you " "couldn't be confident that Nissan has no access. The software in the car is " "proprietary, <a " "href=\"/philosophy/free-software-even-more-important.html\">which means it " "demands blind faith from its users</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Even if no one connects to the car remotely, the cell phone modem enables " "the phone company to track the car's movements all the time; it is possible " "to physically remove the cell phone modem, though." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "FitBit fitness trackers have a <a " "href=\"http://www.tripwire.com/state-of-security/latest-security-news/10-second-hack-delivers-first-ever-malware-to-fitness-trackers/\"> " "Bluetooth vulnerability</a> that allows attackers to send malware to the " "devices, which can subsequently spread to computers and other FitBit " "trackers that interact with them." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "“Self-encrypting” disk drives do the encryption with proprietary " "firmware so you can't trust it. Western Digital's “My Passport” " "drives <a " "href=\"https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption\"> " "have a back door</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Security researchers discovered a <a " "href=\"http://www.theguardian.com/technology/2015/aug/12/hack-car-brakes-sms-text\"> " "vulnerability in diagnostic dongles used for vehicle tracking and " "insurance</a> that let them take remote control of a car or lorry using an " "SMS." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Crackers were able to <a " "href=\"http://arstechnica.com/security/2015/07/fiat-chrysler-connected-car-bug-lets-hackers-take-over-jeep-remotely/\"> " "take remote control of the Jeep</a> “connected car”. They could " "track the car, start or stop the engine, and activate or deactivate the " "brakes, and more." msgstr "" #. type: Content of: <div><ul><li><p> msgid "We expect that Chrysler and the NSA can do this too." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "If you own a car that contains a phone modem, it would be a good idea to " "deactivate this." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Due to bad security in a drug pump, crackers could use it to <a " "href=\"http://www.wired.com/2015/06/hackers-can-send-fatal-doses-hospital-drug-pumps/\"> " "kill patients</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"http://phys.org/news/2015-05-app-vulnerability-threatens-millions-users.html\"> " "Many smartphone apps use insecure authentication methods when storing your " "personal data on remote servers</a>. This leaves personal information like " "email addresses, passwords, and health information vulnerable. Because many " "of these apps are proprietary it makes it hard to impossible to know which " "apps are at risk." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Hospira infusion pumps, which are used to administer drugs to a patient, " "were rated “<a " "href=\"https://securityledger.com/2015/05/researcher-drug-pump-the-least-secure-ip-device-ive-ever-seen/\">least " "secure IP device I've ever seen</a>” by a security researcher." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Depending on what drug is being infused, the insecurity could open the door " "to murder." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Mac OS X had an <a " "href=\"https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/\"> " "intentional local back door for 4 years</a>, which could be exploited by " "attackers to gain root privileges." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "An app to prevent “identity theft” (access to personal data) by " "storing users' data on a special server <a " "href=\"http://arstechnica.com/tech-policy/2014/05/id-theft-protector-lifelock-deletes-user-data-over-concerns-that-app-isnt-safe/\">was " "deactivated by its developer</a> which had discovered a security flaw." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "That developer seems to be conscientious about protecting personal data from " "third parties in general, but it can't protect that data from the state. " "Quite the contrary: confiding your data to someone else's server, if not " "first encrypted by you with free software, undermines your rights." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "Lots of <a " "href=\"http://www.wired.com/2014/04/hospital-equipment-vulnerable/\"> " "hospital equipment has lousy security</a>, and it can be fatal." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The <a " "href=\"http://arstechnica.com/security/2014/02/crypto-weaknesses-in-whatsapp-the-kind-of-stuff-the-nsa-would-love/\">insecurity " "of WhatsApp</a> makes eavesdropping a snap." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a href=\"http://www.bunniestudios.com/blog/?p=3554\"> Some flash memories " "have modifiable software</a>, which makes them vulnerable to viruses." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "We don't call this a “back door” because it is normal that you " "can install a new system in a computer, given physical access to it. " "However, memory sticks and cards should not be modifiable in this way." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"http://arstechnica.com/security/2013/12/credit-card-fraud-comes-of-age-with-first-known-point-of-sale-botnet/\"> " "Point-of-sale terminals running Windows were taken over</a> and turned into " "a botnet for the purpose of collecting customers' credit card numbers." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"https://web.archive.org/web/20180816030205/http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html\"> " "The NSA can tap data in smart phones, including iPhones, Android, and " "BlackBerry</a>. While there is not much detail here, it seems that this " "does not operate via the universal back door that we know nearly all " "portable phones have. It may involve exploiting various bugs. There are <a " "href=\"http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone\"> " "lots of bugs in the phones' radio software</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security\">The " "NSA has put back doors into nonfree encryption software</a>. We don't know " "which ones they are, but we can be sure they include some widely used " "systems. This reinforces the point that you can never trust the security of " "nonfree software." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "The FTC punished a company for making webcams with <a " "href=\"http://www.nytimes.com/2013/09/05/technology/ftc-says-webcams-flaw-put-users-lives-on-display.html\"> " "bad security so that it was easy for anyone to watch through them</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a href=\"http://spritesmods.com/?art=hddhack&page=6\"> Replaceable " "nonfree software in disk drives can be written by a nonfree " "program</a>. This makes any system vulnerable to persistent attacks that " "normal forensics won't detect." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "It is possible to <a " "href=\"http://siliconangle.com/blog/2013/07/27/famed-hacker-barnaby-jack-dies-days-before-scheduled-black-hat-appearance/\"> " "kill people by taking control of medical implants by radio</a>. More " "information in <a href=\"http://www.bbc.co.uk/news/technology-17631838\">BBC " "News</a> and <a " "href=\"https://ioactive.com/broken-hearts-how-plausible-was-the-homeland-pacemaker-hack/\"> " "IOActive Labs Research blog</a>." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"http://www.forbes.com/sites/kashmirhill/2013/07/26/smart-homes-hack/\"> " "“Smart homes”</a> turn out to be stupidly vulnerable to " "intrusion." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "<a " "href=\"http://www.dailymail.co.uk/sciencetech/article-2249303/Hackers-penetrate-home-Crack-Samsungs-Smart-TV-allows-attacker-seize-control-microphone-cameras.html\"> " "Crackers found a way to break security on a “smart” TV</a> and " "use its camera to watch the people who are watching TV." msgstr "" #. type: Content of: <div><ul><li><p> msgid "" "It is possible to <a " "href=\"http://www.pcworld.idg.com.au/article/379477/hacking_music_can_take_control_your_car/\"> " "take control of some car computers through malware in music files</a>. Also " "<a href=\"http://www.nytimes.com/2011/03/10/business/10hack.html?_r=0\"> by " "radio</a>. More information in <a href=\"http://www.autosec.org/faq.html\"> " "Automotive Security And Privacy Center</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't have notes. #. type: Content of: <div> msgid "*GNUN-SLOT: TRANSLATOR'S NOTES*" msgstr "" #. type: Content of: <div><div><p> msgid "" "Please send general FSF & GNU inquiries to <a " "href=\"mailto:gnu@gnu.org\"><gnu@gnu.org></a>. There are also <a " "href=\"/contact/\">other ways to contact</a> the FSF. Broken links and " "other corrections or suggestions can be sent to <a " "href=\"mailto:webmasters@gnu.org\"><webmasters@gnu.org></a>." msgstr "" #. TRANSLATORS: Ignore the original text in this paragraph, #. replace it with the translation of these two: # #. We work hard and do our best to provide accurate, good quality #. translations. However, we are not exempt from imperfection. #. Please send your comments and general suggestions in this regard #. to <a href="mailto:web-translators@gnu.org"> # #. <web-translators@gnu.org></a>.</p> # #. <p>For information on coordinating and submitting translations of #. our web pages, see <a #. href="/server/standards/README.translations.html">Translations #. README</a>. #. type: Content of: <div><div><p> msgid "" "Please see the <a " "href=\"/server/standards/README.translations.html\">Translations README</a> " "for information on coordinating and submitting translations of this article." msgstr "" #. type: Content of: <div><p> msgid "" "Copyright © 2013, 2015, 2016, 2017, 2018, 2019 Free Software " "Foundation, Inc." msgstr "" #. type: Content of: <div><p> msgid "" "This page is licensed under a <a rel=\"license\" " "href=\"http://creativecommons.org/licenses/by/4.0/\">Creative Commons " "Attribution 4.0 International License</a>." msgstr "" #. TRANSLATORS: Use space (SPC) as msgstr if you don't want credits. #. type: Content of: <div><div> msgid "*GNUN-SLOT: TRANSLATOR'S CREDITS*" msgstr "" #. timestamp start #. type: Content of: <div><p> msgid "Updated:" msgstr ""