[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary malware-mobiles.html
From: |
Richard M. Stallman |
Subject: |
www/proprietary malware-mobiles.html |
Date: |
Thu, 11 Jan 2018 21:16:37 -0500 (EST) |
CVSROOT: /web/www
Module name: www
Changes by: Richard M. Stallman <rms> 18/01/11 21:16:37
Modified files:
proprietary : malware-mobiles.html
Log message:
Add/move the principal phone malfeatures to the top.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-mobiles.html?cvsroot=www&r1=1.51&r2=1.52
Patches:
Index: malware-mobiles.html
===================================================================
RCS file: /web/www/www/proprietary/malware-mobiles.html,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -b -r1.51 -r1.52
--- malware-mobiles.html 12 Sep 2017 02:42:20 -0000 1.51
+++ malware-mobiles.html 12 Jan 2018 02:16:37 -0000 1.52
@@ -33,6 +33,49 @@
</p>
</div>
+<div class="highlight-para">
+<p>Nearly all mobile phones do two grievous wrongs to their users:
+tracking their movements, and listening to their conversations. This
+is why we call them “Stalin's dream”.</p>
+</div>
+
+<ul>
+ <li><p>The phone network
+ <a href="https://ssd.eff.org/en/module/problem-mobile-phones">
+ tracks the movements of each phone</a>.</p>
+ <p>This is inherent in the design of the phone network: as long as
+ the phone is in communication with the network, there is no way
+ to stop the network from recording its location. Many countries
+ (including the US and the EU) require the network to store all
+ these location data for months or years.</p>
+ </li>
+ <li><p>Almost every phone's communication processor has
+ a <a name="above">universal back door</a> which
+ is <a
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">
+ often used to make a phone transmit all conversations it
+ hears</a>.</p>
+ <p>The back
+ door <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+ may take the form of bugs that have gone 20 years unfixed</a>.
+ The choice to leave the security holes in place is morally
+ equivalent to writing a back door.</p>
+ <p>The back door is in the “modem processor”, whose
+ job is to communicate with the radio network. In most phones,
+ the modem processor controls the microphone. In most phones it
+ has the power to rewrite the software for the main processor
+ too.</p>
+ <p>A few phone models are specially designed so that the modem
+ processor does not control the microphone, and so that it can't
+ change the software in the main processor. They still have the
+ back door, but at least it is unable to turn the phone unto a
+ listening device.</p>
+ <p>The universal back door is apparently also used to make phones
+ <a
href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html">
+ transmit even when they are turned off</a>. This means their movements
+ are tracked, and may also make the listening feature work.</p>
+ </li>
+</ul>
+
<p>Here are examples of malware in mobile devices. See also
the <a href="/proprietary/malware-apple.html">the Apple malware
page</a> for malicious functionalities specific to the Apple iThings.</p>
@@ -60,14 +103,9 @@
<h3 id="back-doors">Mobile Back Doors</h3>
<ul>
<li>
- <p>The universal back door in portable phones
- <a
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">
- is employed to listen through their microphones</a>.</p>
- <p>Most mobile phones have this universal back door, which has been
- used to
- <a
href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html">
- turn them malicious</a>.</p>
- <p>More about <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">the
nature of this problem</a>.</p>
+ <p>See <a href="#above">above</a> for the general universal back
+ door in essentially all mobile phones, which permits converting
+ them into full-time listening devices.</p>
</li>
<li><p><a
href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor">
@@ -81,17 +119,20 @@
</li>
<li>
- <p>In Android, <a
-
href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">
- Google has a back door to remotely delete apps</a> (it is in a program
- called GTalkService).
+ <p>In Android,
+ <a
href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">
+ Google has a back door to remotely delete apps.</a> (It was in a
+ program called GTalkService, which seems since then to have been
+ merged into Google Play.)
</p>
-<p>Google can also <a
-href="https://web.archive.org/web/20150520235257/https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/"
-title="at the Wayback Machine (archived May 20, 2015)">forcibly and remotely
-install apps</a> through GTalkService (which seems, since that article, to have
-been merged into Google Play). This adds up to a universal back door. </p>
+ <p>
+ Google can also
+ <a
href="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/">
+ forcibly and remotely install apps</a> through Google Play.
+ This is not equivalent to a universal back door, but permits various
+ dirty tricks.
+ </p>
<p>
Although Google's <em>exercise</em> of this power has not been
@@ -491,7 +532,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2017/09/12 02:42:20 $
+$Date: 2018/01/12 02:16:37 $
<!-- timestamp end -->
</p>
</div>
- www/proprietary malware-mobiles.html,
Richard M. Stallman <=