[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/proprietary proprietary-back-doors.html
From: |
Richard M. Stallman |
Subject: |
www/proprietary proprietary-back-doors.html |
Date: |
Thu, 11 Jan 2018 21:17:17 -0500 (EST) |
CVSROOT: /web/www
Module name: www
Changes by: Richard M. Stallman <rms> 18/01/11 21:17:17
Modified files:
proprietary : proprietary-back-doors.html
Log message:
Rewrite the basic mobile phone back door
to match malware-mobiles.html.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/proprietary/proprietary-back-doors.html?cvsroot=www&r1=1.55&r2=1.56
Patches:
Index: proprietary-back-doors.html
===================================================================
RCS file: /web/www/www/proprietary/proprietary-back-doors.html,v
retrieving revision 1.55
retrieving revision 1.56
diff -u -b -r1.55 -r1.56
--- proprietary-back-doors.html 25 Dec 2017 13:20:04 -0000 1.55
+++ proprietary-back-doors.html 12 Jan 2018 02:17:17 -0000 1.56
@@ -22,7 +22,7 @@
<p>The Furby Connect has a <a
href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
universal back door</a>. If the product as shipped doesn't act as a
- listening device, changing the code could surely convert it into one.</p>
+ listening device, remote changes to the code could surely convert it into
one.</p>
</li>
<li>
@@ -108,15 +108,30 @@
total control of the machine by repeatedly nagging the user
for an admini password</a>.</p>
</li>
- <li>
- <p>The universal back door in portable phones
- <a
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">
- is employed to listen through their microphones</a>.</p>
- <p>Most mobile phones have this universal back door, which has been
- used to
+ <li><p>Almost every phone's communication processor has
+ a <a name="above">universal back door</a> which
+ is <a
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">
+ often used to make a phone transmit all conversations it
+ hears</a>.</p>
+ <p>The back
+ door <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">
+ may take the form of bugs that have gone 20 years unfixed</a>.
+ The choice to leave the security holes in place is morally
+ equivalent to writing a back door.</p>
+ <p>The back door is in the “modem processor”, whose
+ job is to communicate with the radio network. In most phones,
+ the modem processor controls the microphone. In most phones it
+ has the power to rewrite the software for the main processor
+ too.</p>
+ <p>A few phone models are specially designed so that the modem
+ processor does not control the microphone, and so that it can't
+ change the software in the main processor. They still have the
+ back door, but at least it is unable to turn the phone unto a
+ listening device.</p>
+ <p>The universal back door is apparently also used to make phones
<a
href="http://www.slate.com/blogs/future_tense/2013/07/22/nsa_can_reportedly_track_cellphones_even_when_they_re_turned_off.html">
- turn them malicious</a>.</p>
- <p>More about <a
href="http://www.osnews.com/story/27416/The_second_operating_system_hiding_in_every_mobile_phone">the
nature of this problem</a>.</p>
+ transmit even when they are turned off</a>. This means their movements
+ are tracked, and may also make the listening feature work.</p>
</li>
<li><p><a
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
@@ -255,25 +270,20 @@
But there is no excuse for <em>deleting</em> the programs, and you
should have the right to decide who (if anyone) to trust in this way.
</p>
-
-<p>
-As these pages show, if you do want to clean your computer of malware,
-the first software to delete is Windows or iOS.
-</p>
</li>
<li>
<p>In Android,
<a
href="http://www.computerworld.com/article/2506557/security0/google-throws--kill-switch--on-android-phones.html">
-Google has a back door to remotely delete apps.</a> (It is in a program
-called GTalkService).
+Google has a back door to remotely delete apps.</a> (It was in a
+program called GTalkService, which seems since then to have been
+merged into Google Play.)
</p>
<p>
Google can also
<a
href="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/">
-forcibly and remotely install apps</a> through GTalkService (which
-seems, since that article, to have been merged into Google Play).
+forcibly and remotely install apps</a> through GTalkService.
This is not equivalent to a universal back door, but permits various
dirty tricks.
</p>
@@ -424,7 +434,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2017/12/25 13:20:04 $
+$Date: 2018/01/12 02:17:17 $
<!-- timestamp end -->
</p>
</div>
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- www/proprietary proprietary-back-doors.html,
Richard M. Stallman <=