[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary malware-mobiles.it.html po/malw...
|
From: |
GNUN |
|
Subject: |
www/proprietary malware-mobiles.it.html po/malw... |
|
Date: |
Mon, 13 Feb 2017 22:59:34 -0500 (EST) |
CVSROOT: /web/www
Module name: www
Changes by: GNUN <gnun> 17/02/13 22:59:34
Modified files:
proprietary : malware-mobiles.it.html
Added files:
proprietary/po : malware-mobiles.it-diff.html
Log message:
Automatic update by GNUnited Nations.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/malware-mobiles.it.html?cvsroot=www&r1=1.10&r2=1.11
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/po/malware-mobiles.it-diff.html?cvsroot=www&rev=1.1
Patches:
Index: malware-mobiles.it.html
===================================================================
RCS file: /web/www/www/proprietary/malware-mobiles.it.html,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -b -r1.10 -r1.11
--- malware-mobiles.it.html 18 Nov 2016 07:33:05 -0000 1.10
+++ malware-mobiles.it.html 14 Feb 2017 03:59:34 -0000 1.11
@@ -1,4 +1,9 @@
-<!--#set var="ENGLISH_PAGE" value="/proprietary/malware-mobiles.en.html" -->
+<!--#set var="PO_FILE"
+ value='<a href="/proprietary/po/malware-mobiles.it.po">
+ https://www.gnu.org/proprietary/po/malware-mobiles.it.po</a>'
+ --><!--#set var="ORIGINAL_FILE" value="/proprietary/malware-mobiles.html"
+ --><!--#set var="DIFF_FILE"
value="/proprietary/po/malware-mobiles.it-diff.html"
+ --><!--#set var="OUTDATED_SINCE" value="2016-12-16" --><!--#set
var="ENGLISH_PAGE" value="/proprietary/malware-mobiles.en.html" -->
<!--#include virtual="/server/header.it.html" -->
<!-- Parent-Version: 1.79 -->
@@ -16,6 +21,7 @@
</style>
<!--#include virtual="/server/banner.it.html" -->
+<!--#include virtual="/server/outdated.it.html" -->
<h2>Malware nei dispositivi mobili</h2>
<p><a href="/proprietary/proprietary.html">Altri esempi di malware
@@ -336,7 +342,7 @@
<p class="unprintable"><!-- timestamp start -->
Ultimo aggiornamento:
-$Date: 2016/11/18 07:33:05 $
+$Date: 2017/02/14 03:59:34 $
<!-- timestamp end -->
</p>
Index: po/malware-mobiles.it-diff.html
===================================================================
RCS file: po/malware-mobiles.it-diff.html
diff -N po/malware-mobiles.it-diff.html
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ po/malware-mobiles.it-diff.html 14 Feb 2017 03:59:34 -0000 1.1
@@ -0,0 +1,325 @@
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
+ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd";>
+<!-- Generated by GNUN -->
+<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
+<head>
+<meta http-equiv="content-type" content="text/html; charset=utf-8" />
+<title>/proprietary/malware-mobiles.html-diff</title>
+<style type="text/css">
+span.removed { background-color: #f22; color: #000; }
+span.inserted { background-color: #2f2; color: #000; }
+</style></head>
+<body><pre>
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: 1.79 -->
+<title>Malware in Mobile Devices
+- GNU Project - Free Software Foundation</title>
+ <!--#include virtual="/proprietary/po/malware-mobiles.translist" -->
+<style type="text/css" media="print,screen">
+<!--
+#content div.toc li { list-style: none; margin-bottom: 1em; }
+#content div.toc { margin-top: 1em; }
+-->
+</style>
+<!--#include virtual="/server/banner.html" -->
+<h2>Malware in Mobile Devices</h2>
+
+<p><a href="/proprietary/proprietary.html">Other examples of
proprietary
+malware</a></p>
+
+<div class="highlight-para">
+<p>
+<em>Malware</em> means software designed to function in ways that
+mistreat or harm the user. (This does not include accidental errors.)
+</p>
+
+<p>
+Malware and nonfree software are two different issues. The difference
+between <a href="/philosophy/free-sw.html">free software</a> and
+nonfree software is in <a
+href="/philosophy/free-software-even-more-important.html">
+whether the users have control of the program or vice versa</a>. It's
+not directly a question of what the program <em>does</em> when it
+runs. However, in practice nonfree software is often malware, because
+the developer's awareness that the users would be powerless to fix any
+malicious functionalities tempts the developer to impose some.
+</p>
+</div>
+
+<p>Here are examples of malware in mobile devices. See also
+the <a href="/proprietary/malware-apple.html">the Apple malware
+page</a> for malicious functionalities specific to the Apple
iThings.</p>
+
+<div class="toc">
+<div class="malfunctions">
+<ul>
+<li><strong>Type of malware</strong></li>
+<li><a href="#back-doors">Back doors</a></li>
+<!--<li><a
href="#censorship">Censorship</a></li>-->
+<li><a href="#insecurity">Insecurity</a></li>
+<!--<li><a href="#sabotage">Sabotage</a></li>-->
+<!--<li><a
href="#interference">Interference</a></li>-->
+<li><a href="#surveillance">Surveillance</a></li>
+<span class="removed"><del><strong><!--<li><a</strong></del></span>
+<span class="inserted"><ins><em><li><a</em></ins></span>
href="#drm">Digital restrictions
+ management</a> or “DRM” means functionalities designed
+ to restrict what users can do with the data in their <span
class="removed"><del><strong>computers.</li>--></strong></del></span>
<span class="inserted"><ins><em>computers.</li></em></ins></span>
+<li><a href="#jails">Jails</a>—systems
+ that impose censorship on application programs.</li>
+<li><a href="#tyrants">Tyrants</a>—systems
+ that reject any operating system not “authorized” by the
+ manufacturer.</li>
+</ul>
+</div>
+</div>
+
+<h3 id="back-doors">Mobile Back Doors</h3>
+<ul>
+ <li><p>The universal back door in portable phones <a
+
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">is
+ employed to listen through their microphones</a>.</p>
+ </li>
+
+ <li><p>Most mobile phones have a universal back door, which has
been
+ used to <a
+
href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html">
+ turn them malicious</a>.</p>
+ </li>
+
+ <li><p><a
href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor">
+ Samsung Galaxy devices running proprietary Android versions come with a
+ back door</a> that provides remote access to the data stored on the
+ device.</p>
+ </li>
+
+ <li><p><a
href="/proprietary/proprietary-back-doors.html#samsung">
+ Samsung's back door</a> provides access to any file on the
system.</p>
+ </li>
+
+ <li>
+ <p>In Android, <a
+
href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">
+ Google has a back door to remotely delete apps.</a> (It is in a
program
+ called GTalkService).
+ </p>
+
+<p>Google can also <a
+href="https://web.archive.org/web/20150520235257/https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/";
+title="at the Wayback Machine (archived May 20, 2015)">forcibly and remotely
+install apps</a> through GTalkService (which seems, since that article,
to have
+been merged into Google Play). This adds up to a universal back door.
</p>
+
+ <p>
+ Although Google's <em>exercise</em> of this power has not been
+ malicious so far, the point is that nobody should have such power,
+ which could also be used maliciously. You might well decide to let a
+ security service remotely <em>deactivate</em> programs that it
+ considers malicious. But there is no excuse for allowing it
+ to <em>delete</em> the programs, and you should have the right to
+ decide who (if anyone) to trust in this way.
+ </p>
+ </li>
+</ul>
+
+<h3 id="insecurity">Mobile Insecurity</h3>
+<ul>
+<li>
+<p>Many proprietary payment apps <a
+href="http://www.bloomberg.com/news/articles/2016-03-10/many-mobile-payments-startups-aren-t-properly-securing-user-data">
+transmit personal data in an insecure way</a>.
+However, the worse aspect of these apps is that
+<a href="/philosophy/surveillance-vs-democracy.html">payment is not
anonymous</a>.
+</p>
+</li>
+
+ <li><p><a
href="http://www.spiegel.de/international/world/privacy-scandal-nsa-can-spy-on-smart-phone-data-a-920971.html">
+ The NSA can tap data in smart phones, including iPhones, Android, and
+ BlackBerry</a>. While there is not much detail here, it seems that this
+ does not operate via the universal back door that we know nearly all
+ portable phones have. It may involve exploiting various bugs. There are
+ <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+ lots of bugs in the phones' radio software</a>.</p>
+ </li>
+</ul>
+
+<h3 id="surveillance">Mobile Surveillance</h3>
+<ul>
+<span class="inserted"><ins><em><li><p>The Meitu photo-editing
+app <a
href="https://theintercept.com/2017/01/21/popular-selfie-app-sending-user-data-to-china-researchers-say/">sends
+user data to a Chinese
company</a>.</p></li></em></ins></span>
+
+<li>
+<p>A half-blind security critique of a tracking app: it found that <a
+href="http://www.consumerreports.org/mobile-security-software/glow-pregnancy-app-exposed-women-to-privacy-threats/">
+blatant flaws allowed anyone to snoop on a user's personal data</a>.
+The critique fails entirely to express concern that the app sends the
+personal data to a server, where the <em>developer</em> gets it
all.
+This “service” is for suckers!</p>
+
+<p>The server surely has a “privacy policy,” and surely it
+is worthless since nearly all of them are.</p>
+</li>
+
+ <li><p>Apps that include
+ <a
href="http://techaeris.com/2016/01/13/symphony-advanced-media-software-tracks-your-digital-life-through-your-smartphone-mic/">
+ Symphony surveillance software snoop on what radio and TV programs are
+ playing nearby</a>. Also on what users post on various sites such as
+ Facebook, Google+ and Twitter.</p>
+ </li>
+
+ <li><p>More than 73% and 47% of mobile applications, both from
Android and iOS
+ respectively <a href="http://jots.pub/a/2015103001/index.php">share
personal,
+ behavioral and location information</a> of their users with third
parties.</p>
+ </li>
+
+ <li><p>“Cryptic communication,” unrelated to the
app's functionality,
+ was <a
href="http://news.mit.edu/2015/data-transferred-android-apps-hiding-1119">
+ found in the 500 most popular gratis Android apps</a>.</p>
+
+ <p>The article should not have described these apps as
+ “free”—they are not free software. The clear way to say
+ “zero price” is “gratis.”</p>
+
+ <p>The article takes for granted that the usual analytics tools are
+ legitimate, but is that valid? Software developers have no right to
+ analyze what users are doing or how. “Analytics” tools that
snoop are
+ just as wrong as any other snooping.</p>
+ </li>
+
+ <li><p>Many proprietary apps for mobile devices report which
other
+ apps the user has
+ installed. <a
href="http://techcrunch.com/2014/11/26/twitter-app-graph/">Twitter
+ is doing this in a way that at least is visible and
+ optional</a>. Not as bad as what the others do.</p>
+ </li>
+
+ <li><p>Portable phones with GPS will send their GPS location on
remote
+ command and users cannot stop them: <a
+
href="http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers">
+
http://www.aclu.org/government-location-tracking-cell-phones-gps-devices-and-license-plate-readers</a>.
+ (The US says it will eventually require all new portable phones to have
+ GPS.)</p>
+ </li>
+
+ <li><p>Spyware in Cisco TNP IP phones: <a
+
href="http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html">
+
http://boingboing.net/2012/12/29/your-cisco-phone-is-listening.html</a>.</p></li>
+
+ <li><p>Spyware in Android phones (and Windows? laptops): The
Wall Street
+ Journal (in an article blocked from us by a paywall) reports that <a
+
href="http://www.theverge.com/2013/8/1/4580718/fbi-can-remotely-activate-android-and-laptop-microphones-reports-wsj">
+ the FBI can remotely activate the GPS and microphone in Android phones
+ and laptops</a>. (I suspect this means Windows laptops.) Here is <a
+ href="http://cryptome.org/2013/08/fbi-hackers.htm">more
info</a>.</p>
+ </li>
+
+ <li><p>Some Motorola phones modify Android to <a
+ href="http://www.beneaththewaves.net/Projects/Motorola_Is_Listening.html">
+ send personal data to Motorola.</a></p>
+ </li>
+
+ <li><p>Some manufacturers add a <a
+
href="http://androidsecuritytest.com/features/logs-and-services/loggers/carrieriq/">
+ hidden general surveillance package such as Carrier IQ.</a></p>
+ </li>
+
+ <li><p>Widely used <a
+
href="https://freedom-to-tinker.com/blog/kollarssmith/scan-this-or-scan-me-user-privacy-barcode-scanning-applications/">proprietary
+ QR-code scanner apps snoop on the user</a>. This is in addition to
+ the snooping done by the phone company, and perhaps by the OS in the
+ phone.</p>
+
+ <p>Don't be distracted by the question of whether the app developers
get
+ users to say “I agree”. That is no excuse for malware.</p>
+ </li>
+</ul>
+
+<h3 <span class="inserted"><ins><em>id="drm">Mobile DRM</h3>
+<ul>
+ <li><p>Android <a
href="https://developer.android.com/reference/android/drm/package-summary.html">contains
+ facilities specifically to support DRM</a>.</p>
+ </li>
+</ul>
+
+<h3</em></ins></span> id="jails">Mobile Jails</h3>
+<ul>
+ <li><p><a
+ href="https://fsf.org/campaigns/secure-boot-vs-restricted-boot/">Mobile
+ devices that come with Windows 8 are tyrants</a>. <a
+
href="http://www.itworld.com/article/2832657/operating-systems/microsoft-metro-app-store-lock-down.html">Windows
+ 8 on “mobile devices” is a jail.</a></p>
+ </li>
+</ul>
+
+<h3 id="tyrants">Mobile Tyrants</h3>
+<ul>
+ <li><p><a
href="http://blog.azimuthsecurity.com/2013/04/unlocking-motorola-bootloader.html">
+ Some Android phones are tyrants</a> (though someone found a way to
crack
+ the restriction). Fortunately, most Android devices are not
tyrants.</p>
+ </li>
+</ul>
+</div><!-- for id="content", starts in the include above -->
+<!--#include virtual="/server/footer.html" -->
+<div id="footer">
+<div class="unprintable">
+
+<p>Please send general FSF & GNU inquiries to
+<a href="mailto:address@hidden"><address@hidden></a>.
+There are also <a href="/contact/">other ways to contact</a>
+the FSF. Broken links and other corrections or suggestions can be sent
+to <a
href="mailto:address@hidden"><address@hidden></a>.</p>
+
+<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
+ replace it with the translation of these two:
+
+ We work hard and do our best to provide accurate, good quality
+ translations. However, we are not exempt from imperfection.
+ Please send your comments and general suggestions in this regard
+ to <a href="mailto:address@hidden">
+ <address@hidden></a>.</p>
+
+ <p>For information on coordinating and submitting translations of
+ our web pages, see <a
+ href="/server/standards/README.translations.html">Translations
+ README</a>. -->
+Please see the <a
+href="/server/standards/README.translations.html">Translations
+README</a> for information on coordinating and submitting translations
+of this article.</p>
+</div>
+
+<!-- Regarding copyright, in general, standalone pages (as opposed to
+ files generated as part of manuals) on the GNU web server should
+ be under CC BY-ND 4.0. Please do NOT change or remove this
+ without talking with the webmasters or licensing team first.
+ Please make sure the copyright date is consistent with the
+ document. For web pages, it is ok to list just the latest year the
+ document was modified, or published.
+
+ If you wish to list earlier years, that is ok too.
+ Either "2001, 2002, 2003" or "2001-2003" are ok for specifying
+ years, as long as each year in the range is in fact a copyrightable
+ year, i.e., a year in which the document was published (including
+ being publicly visible on the web or in a revision control system).
+
+ There is more detail about copyright years in the GNU Maintainers
+ Information document, www.gnu.org/prep/maintain. -->
+
+<p>Copyright © 2014, 2015, <span
class="removed"><del><strong>2016</strong></del></span> <span
class="inserted"><ins><em>2016, 2017</em></ins></span> Free Software
Foundation, Inc.</p>
+
+<p>This page is licensed under a <a rel="license"
+href="http://creativecommons.org/licenses/by-nd/4.0/">Creative
+Commons Attribution-NoDerivatives 4.0 International
License</a>.</p>
+
+<!--#include virtual="/server/bottom-notes.html" -->
+
+<p class="unprintable">Updated:
+<!-- timestamp start -->
+$Date: 2017/02/14 03:59:34 $
+<!-- timestamp end -->
+</p>
+</div>
+</div>
+</body>
+</html>
+</pre></body></html>
- www/proprietary malware-mobiles.it.html po/malw...,
GNUN <=