[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
www/server/staging/proprietary proprietary-back...
|
From: |
Therese Godefroy |
|
Subject: |
www/server/staging/proprietary proprietary-back... |
|
Date: |
Fri, 15 Jan 2021 08:49:10 -0500 (EST) |
CVSROOT: /webcvs/www
Module name: www
Changes by: Therese Godefroy <th_g> 21/01/15 08:49:10
Modified files:
server/staging/proprietary: proprietary-back-doors.html
Log message:
Date tags: only dispplay the year an month of most recent article
(extracted from Id); remove bullets.
CVSWeb URLs:
http://web.cvs.savannah.gnu.org/viewcvs/www/server/staging/proprietary/proprietary-back-doors.html?cvsroot=www&r1=1.14&r2=1.15
Patches:
Index: proprietary-back-doors.html
===================================================================
RCS file:
/webcvs/www/www/server/staging/proprietary/proprietary-back-doors.html,v
retrieving revision 1.14
retrieving revision 1.15
diff -u -b -r1.14 -r1.15
--- proprietary-back-doors.html 19 Feb 2020 19:00:16 -0000 1.14
+++ proprietary-back-doors.html 15 Jan 2021 13:49:07 -0000 1.15
@@ -1,15 +1,5 @@
-<!DOCTYPE html>
-<html xmlns="http://www.w3.org/1999/xhtml"; xml:lang="en" lang="en">
-<head>
-<meta http-equiv="content-type" content="text/html; charset=utf-8" />
-<link rev="made" href="mailto:webmasters@gnu.org"; />
-<link rel="icon" type="image/png" href="/graphics/gnu-head-mini.png" />
-<meta name="ICBM" content="42.355469,-71.058627" />
-<meta name="DC.title" content="gnu.org" />
-<link rel="stylesheet" type="text/css" href="/reset.css" media="screen" />
-<link rel="stylesheet" type="text/css" href="/mini.css" media="handheld" />
-<link rel="stylesheet" type="text/css" href="/server/staging/layout.css"
media="screen" />
-<link rel="stylesheet" type="text/css" href="/print.min.css" media="print" />
+<!--#include virtual="/server/header.html" -->
+<!-- Parent-Version: 1.92 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
@@ -19,23 +9,38 @@
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Proprietary Back Doors - GNU Project - Free Software Foundation</title>
-<link rel="stylesheet" type="text/css" href="/server/staging/education.css"
media="screen" />
+<link rel="stylesheet" type="text/css" href="/side-menu.css"
media="screen,print" />
+<style type="text/css" media="print,screen"><!--
+ ul.blurbs > li {
+ list-style: none;
+ }
+ .date-tag {
+ background-color: #f3f3f3;
+ border-radius: .25em;
+ color: #505050;
+ line-height: 1.5em;
+ padding: .2em .5em;
+ white-space: nowrap;
+ position: relative; right: 2em;
+ }
+--></style>
<!--#include virtual="/proprietary/po/proprietary-back-doors.translist" -->
-<!--#include virtual="/server/staging/banner.html" -->
-<div id="main">
+<!--#include virtual="/server/banner.html" -->
+<div class="nav">
+<a id="side-menu-button" class="switch" href="#navlinks">
+ <img id="side-menu-icon" height="32"
+ src="/graphics/icons/side-menu.png"
+ title="Section contents"
+ alt=" [Section contents] " />
+</a>
-<div id="section-menu">
- <a id="sect-menu-button" class="switch" href="#navlinks">
- <img id="sect-menu-icon" height="32"
- src="/server/staging/layout/sect-menu.png"
- alt="Section menu" /></a>
-</div>
<p class="breadcrumb">
- <a href="/proprietary/proprietary.html#content">Proprietary malware</a> >
-<a href="/proprietary/proprietary.html#types">By type</a> >
- Back doors
+ <a href="/"><img src="/graphics/icons/home.png" height="24"
+ alt="GNU Home" title="GNU Home" /></a> /
+ <a href="/proprietary/proprietary.html">Malware</a> /
+ By type /
</p>
-
+</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#if expr="$OUTDATED_SINCE" --><!--#else -->
<!--#if expr="$LANGUAGE_SUFFIX" -->
@@ -43,10 +48,12 @@
<!--#include virtual="/server/top-addendum.html" -->
<!--#endif -->
<!--#endif -->
-<h2 id="main-heading">Proprietary Back Doors</h2>
+<div style="clear: both"></div>
+<div id="last-div" class="reduced-width">
+<h2>Proprietary Back Doors</h2>
-<div id="about-dir">
-<hr class="thin" />
+<div class="infobox">
+<hr class="full-width" />
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
@@ -55,20 +62,18 @@
that power to the detriment of the users they ought to serve.</p>
<p>This typically takes the form of malicious functionalities.</p>
-<hr class="thin" />
+<hr class="full-width" />
</div>
<div class="article">
-<div id="about-page">
<p>Some malicious functionalities are mediated by <a
href="/proprietary/proprietary.html#f1">back doors</a>. Here are
examples of programs that contain one or several of those, classified
according to what the back door is known to have the power to do.
Back doors that allow full control over the programs which contain them
are said to be “universal.”</p>
-</div>
-<div class="announcement">
+<div class="important">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org";><webmasters@gnu.org></a>
@@ -76,7 +81,7 @@
to serve as specific substantiation.</p>
</div>
-<div class="toc-inline">
+<div id="TOC" class="toc-inline">
<h3>Back-door functionalities</h3>
<ul>
<li><a href="#spy">Spying</a></li>
@@ -90,7 +95,24 @@
<h3 id='spy'>Spying</h3>
<ul class="blurbs">
+ <li id="M202008030">
+ <!--#set var="DATE" value='<small class="date-tag">[2020-08]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Google Nest <a
+
href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/";>
+ is taking over ADT</a>. Google sent out a software
+ update to its speaker devices using their back door <a
+ href="https://www.protocol.com/google-smart-speaker-alarm-adt";> that
+ listens for things like smoke alarms</a> and then notifies your phone
+ that an alarm is happening. This means the devices now listen for more
+ than just their wake words. Google says the software update was sent
+ out prematurely and on accident and Google was planning on disclosing
+ this new feature and offering it to customers who pay for it.</p>
+ </li>
+
<li id="M201706200.2">
+ <!--#set var="DATE" value='<small class="date-tag">[2017-06]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p id="InternetCameraBackDoor">Many models of Internet-connected
cameras contain a glaring back door—they have login
accounts with hard-coded passwords, which can't be changed, and <a
@@ -104,6 +126,8 @@
</li>
<li id="M201701130">
+ <!--#set var="DATE" value='<small class="date-tag">[2017-01]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>WhatsApp has a feature that <a
href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/";>
has been described as a “back door”</a> because it would
@@ -116,12 +140,16 @@
</li>
<li id="M201512280">
+ <!--#set var="DATE" value='<small class="date-tag">[2015-12]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Microsoft has <a
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/";>
backdoored its disk encryption</a>.</p>
</li>
<li id="M201409220">
+ <!--#set var="DATE" value='<small class="date-tag">[2014-09]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Apple can, and regularly does, <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/";>
remotely extract some data from iPhones for the state</a>.</p>
@@ -139,6 +167,8 @@
<ul class="blurbs">
<li id="M201905060">
+ <!--#set var="DATE" value='<small class="date-tag">[2019-05]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>BlizzCon 2019 imposed a <a
href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/";>
requirement to run a proprietary phone app</a> to be allowed into
@@ -151,6 +181,8 @@
</li>
<li id="M201809140">
+ <!--#set var="DATE" value='<small class="date-tag">[2018-09]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Android has a <a
href="https://www.theverge.com/platform/amp/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change";>
back door for remotely changing “user” settings</a>.</p>
@@ -160,13 +192,17 @@
</li>
<li id="M201607284">
+ <!--#set var="DATE" value='<small class="date-tag">[2016-07]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>The Dropbox app for Macintosh <a
-
href="http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/";>
+
href="https://web.archive.org/web/20180124123506/http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/";>
takes control of user interface items after luring the user into
entering an admin password</a>.</p>
</li>
<li id="M201604250">
+ <!--#set var="DATE" value='<small class="date-tag">[2016-04]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>A pregnancy test controller application not only can <a
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security";>
spy on many sorts of data in the phone, and in server accounts,
@@ -174,6 +210,8 @@
</li>
<li id="M201512074">
+ <!--#set var="DATE" value='<small class="date-tag">[2015-12]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.itworld.com/article/2705284/backdoor-found-in-d-link-router-firmware-code.html";>
Some D-Link routers</a> have a back door for changing settings in a
@@ -187,6 +225,8 @@
</li>
<li id="M201511244">
+ <!--#set var="DATE" value='<small class="date-tag">[2015-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Google has long had <a
href="http://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted";>a
back door to remotely unlock an Android device</a>, unless its disk
@@ -195,12 +235,16 @@
</li>
<li id="M201511194">
+ <!--#set var="DATE" value='<small class="date-tag">[2015-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Caterpillar vehicles come with <a
href="http://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it";>
a back door to shutoff the engine</a> remotely.</p>
</li>
<li id="M201509160">
+ <!--#set var="DATE" value='<small class="date-tag">[2015-09]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Modern gratis game cr…apps <a
href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/";>
collect a wide range of data about their users and their users'
@@ -219,6 +263,8 @@
</li>
<li id="M201403120.1">
+ <!--#set var="DATE" value='<small class="date-tag">[2014-03]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p id="samsung"><a
href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor";>
Samsung Galaxy devices running proprietary Android versions come with
@@ -227,6 +273,8 @@
</li>
<li id="M201210220">
+ <!--#set var="DATE" value='<small class="date-tag">[2012-10]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p id="swindle-eraser">The Amazon
Kindle-Swindle has a back door that has been used to <a
href="http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/";>
@@ -246,6 +294,8 @@
</li>
<li id="M201011220">
+ <!--#set var="DATE" value='<small class="date-tag">[2010-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>The iPhone has a back door for <a
href="http://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone";>
remote wipe</a>. It's not always enabled, but users are led into
@@ -257,7 +307,26 @@
<h3 id='install-delete'>Installing, deleting or disabling programs</h3>
<ul class="blurbs">
+ <li id="M202012020">
+ <!--#set var="DATE" value='<small class="date-tag">[2020-12]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Adobe Flash Player <a
+ href="https://www.adobe.com/products/flashplayer/end-of-life.html";>
+ has a universal back door</a> which lets Adobe control
+ the software and, for example, disable it whenever it
+ wants. Adobe will block Flash content from running in Flash Player
+ beginning January 12, 2021, which indicates that they have access to
+ every Flash Player through a back door.</p>
+
+ <p>The back door won't be dangerous in the future, as it'll disable
+ a proprietary program and make users delete the software, but it
+ was an injustice for many years. Users should have deleted Flash Player
+ even before its end of life.</p>
+ </li>
+
<li id="M201908270">
+ <!--#set var="DATE" value='<small class="date-tag">[2019-08]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>A very popular app found in the
Google Play store contained a module that was designed to <a
href="https://arstechnica.com/information-technology/2019/08/google-play-app-with-100-million-downloads-executed-secret-payloads/";>secretly
@@ -271,6 +340,8 @@
</li>
<li id="M201907100">
+ <!--#set var="DATE" value='<small class="date-tag">[2019-07]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Apple appears to say that <a
href="https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/";>
there is a back door in MacOS</a> for automatically updating some
@@ -282,6 +353,8 @@
</li>
<li id="M201811100">
+ <!--#set var="DATE" value='<small class="date-tag">[2018-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Corel Paintshop Pro has a <a
href="https://torrentfreak.com/corel-wrongly-accuses-licensed-user-of-piracy-disables-software-remotely-181110/";>
back door that can make it cease to function</a>.</p>
@@ -320,6 +393,8 @@
</li>
<li id="M201804010">
+ <!--#set var="DATE" value='<small class="date-tag">[2018-04]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Some “Smart” TVs automatically <a
href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928";>
load downgrades that install a surveillance app</a>.</p>
@@ -332,6 +407,8 @@
</li>
<li id="M201511090">
+ <!--#set var="DATE" value='<small class="date-tag">[2015-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Baidu's proprietary Android library, Moplus, has a back door that <a
href="https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made";>
can “upload files” as well as forcibly install
@@ -341,6 +418,8 @@
</li>
<li id="M201112080">
+ <!--#set var="DATE" value='<small class="date-tag">[2011-12]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p> In addition to its <a href="#windows-update">universal back
door</a>, Windows 8 has a back door for <a
href="https://www.computerworld.com/article/2500036/microsoft--we-can-remotely-delete-windows-8-apps.html";>
@@ -354,6 +433,8 @@
</li>
<li id="M201103070">
+ <!--#set var="DATE" value='<small class="date-tag">[2011-03]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>In Android, <a
href="https://www.computerworld.com/article/2506557/google-throws--kill-switch--on-android-phones.html";>
Google has a back door to remotely delete apps</a>. (It was in a
@@ -376,6 +457,8 @@
</li>
<li id="M200808110">
+ <!--#set var="DATE" value='<small class="date-tag">[2008-08]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>The iPhone has a back door <a
href="http://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html";>
that allows Apple to remotely delete apps</a> which Apple considers
@@ -388,7 +471,85 @@
<h3 id='universal'>Full control</h3>
<ul class="blurbs">
+ <li id="M202011230">
+ <!--#set var="DATE" value='<small class="date-tag">[2020-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Some Wavelink and JetStream wifi routers have
+ universal back doors that enable unauthenticated
+ users to remotely control not only the routers, but
+ also any devices connected to the network. There is evidence that <a
+
href="https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/";>
+ this vulnerability is actively exploited</a>.</p>
+
+ <p>If you consider buying a router, we encourage you to get one
+ that <a href="https://ryf.fsf.org/categories/routers";>runs on free
+ software</a>. Any attempts at introducing malicious functionalities in
+ it (e.g., through a firmware update) will be detected by the community,
+ and soon corrected.</p>
+
+ <p>If unfortunately you own a router that runs on
+ proprietary software, don't panic! You may be able to
+ replace its firmware with a free operating system such as <a
+ href="https://librecmc.org";>libreCMC</a>. If you don't know how,
+ you can get help from a nearby GNU/Linux user group.</p>
+ </li>
+
+ <li id="M202011060">
+ <!--#set var="DATE" value='<small class="date-tag">[2020-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>A new app published by Google <a
+
href="https://www.xda-developers.com/google-device-lock-controller-banks-payments/";>lets
+ banks and creditors deactivate people's Android devices</a> if they
+ fail to make payments. If someone's device gets deactivated, it will
+ be limited to basic functionality, such as emergency calling and
+ access to settings.</p>
+ </li>
+
+ <li id="M202007010">
+ <!--#set var="DATE" value='<small class="date-tag">[2020-07]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>BMW will remotely <a
+ href="https://www.cnet.com/roadshow/news/bmw-vehicle-as-a-platform/";>
+ enable and disable functionality in cars</a> through a universal
+ back door.</p>
+ </li>
+
+ <li id="M202004130">
+ <!--#set var="DATE" value='<small class="date-tag">[2020-04]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>The <a href="https://www.google.com/mobile/android/market-tos.html";>
+ Google Play Terms of Service</a> insist that the user of Android accept
+ the presence of universal back doors in apps released by Google.</p>
+
+ <p>This does not tell us whether any of Google's apps currently
+ contains a universal back door, but that is a secondary question.
+ In moral terms, demanding that people accept in advance certain bad
+ treatment is equivalent to actually doing it. Whatever condemnation
+ the latter deserves, the former deserves the same.</p>
+ </li>
+
+ <li id="M202001090">
+ <!--#set var="DATE" value='<small class="date-tag">[2020-01]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
+ <p>Android phones subsidized by the US government come with <a
+
href="https://arstechnica.com/information-technology/2020/01/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware/";>
+ preinstalled adware and a back door for forcing installation of
+ apps</a>.</p>
+
+ <p>The adware is in a modified version of an
+ essential system configuration app. The back door is a
+ surreptitious addition to a program whose stated purpose is to be a <a
+
href="https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/";>
+ universal back door for firmware</a>.</p>
+
+ <p>In other words, a program whose raison d'être is malicious has
+ a secret secondary malicious purpose. All this is in addition to the
+ malware of Android itself.</p>
+ </li>
+
<li id="M201910130.1">
+ <!--#set var="DATE" value='<small class="date-tag">[2019-10]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>The Chinese Communist Party's <a
href="/proprietary/proprietary-surveillance.html#M201910130">
“Study the Great Nation” app</a> was found to contain <a
@@ -407,6 +568,8 @@
</li>
<li id="M201908220">
+ <!--#set var="DATE" value='<small class="date-tag">[2019-08]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>ChromeBooks are programmed for obsolescence:
ChromeOS has a universal back door that is used for updates and <a
href="https://www.theregister.co.uk/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/";>
@@ -418,6 +581,8 @@
</li>
<li id="M201902011">
+ <!--#set var="DATE" value='<small class="date-tag">[2019-02]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>The FordPass Connect feature of some Ford vehicles has <a
href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html";>
near-complete access to the internal car network</a>. It is constantly
@@ -431,6 +596,8 @@
</li>
<li id="M201812300">
+ <!--#set var="DATE" value='<small class="date-tag">[2018-12]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>New GM cars <a
href="https://media.gm.com/media/us/en/gmc/vehicles/canyon/2019.html";>
offer the feature of a universal back door</a>.</p>
@@ -441,6 +608,8 @@
</li>
<li id="M201711244">
+ <!--#set var="DATE" value='<small class="date-tag">[2017-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>The Furby Connect has a <a
href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect";>
universal back door</a>. If the product as shipped doesn't act as a
@@ -449,13 +618,17 @@
</li>
<li id="M201711010">
+ <!--#set var="DATE" value='<small class="date-tag">[2017-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Sony has brought back its robotic pet Aibo, this time <a
-
href="https://motherboard.vice.com/en_us/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet";>
+
href="https://www.vice.com/en/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet";>
with a universal back door, and tethered to a server that requires
a subscription</a>.</p>
</li>
<li id="M201709090.1">
+ <!--#set var="DATE" value='<small class="date-tag">[2017-09]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Tesla used software to limit the part of the battery
that was available to customers in some cars, and <a
href="https://techcrunch.com/2017/09/09/tesla-flips-a-switch-to-increase-the-range-of-some-cars-in-florida-to-help-people-evacuate/";>
@@ -470,12 +643,16 @@
</li>
<li id="M201702060.1">
+ <!--#set var="DATE" value='<small class="date-tag">[2017-02]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Vizio “smart” TVs <a
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen";>
have a universal back door</a>.</p>
</li>
<li id="M201609130">
+ <!--#set var="DATE" value='<small class="date-tag">[2016-09]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Xiaomi phones come with <a
href="https://web.archive.org/web/20190424082647/http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/";>
a universal back door in the application processor, for Xiaomi's
@@ -487,13 +664,15 @@
</li>
<li id="M201608171">
+ <!--#set var="DATE" value='<small class="date-tag">[2016-08]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p id="windows-update">Microsoft
Windows has a universal back door through which <a
href="http://www.informationweek.com/microsoft-updates-windows-without-user-permission-apologizes/d/d-id/1059183";>
any change whatsoever can be imposed on the users</a>.</p>
<p>This was <a
- href="http://slated.org/windows_by_stealth_the_updates_you_dont_want";>
+
href="https://web.archive.org/web/20200219180230/http://slated.org/windows_by_stealth_the_updates_you_dont_want";>
reported in 2007</a> for XP and Vista, and it seems
that Microsoft used the same method to push the <a
href="/proprietary/malware-microsoft.html#windows10-forcing">
@@ -506,6 +685,8 @@
</li>
<li id="M201606060">
+ <!--#set var="DATE" value='<small class="date-tag">[2016-06]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>The Amazon Echo appears to have a universal back door, since <a
href="https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates";>
it installs “updates” automatically</a>.</p>
@@ -516,6 +697,8 @@
</li>
<li id="M201412180">
+ <!--#set var="DATE" value='<small class="date-tag">[2014-12]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor";>
A Chinese version of Android has a universal back door</a>. Nearly
@@ -525,6 +708,8 @@
</li>
<li id="M201311300">
+ <!--#set var="DATE" value='<small class="date-tag">[2013-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.techienews.co.uk/973462/bitcoin-miners-bundled-pups-legitimate-applications-backed-eula/";>
Some applications come with MyFreeProxy, which is a universal back
@@ -532,6 +717,8 @@
</li>
<li id="M201202280">
+ <!--#set var="DATE" value='<small class="date-tag">[2012-02]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>ChromeOS has a universal back
door. At least, Google says it does—in <a
href="https://www.google.com/intl/en/chromebook/termsofservice.html";>
@@ -539,6 +726,8 @@
</li>
<li id="M200700000.1">
+ <!--#set var="DATE" value='<small class="date-tag">[2007-00]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>In addition to its <a href="#swindle-eraser">book
eraser</a>, the Kindle-Swindle has a <a
href="http://www.amazon.com/gp/help/customer/display.html?nodeId=200774090";>
@@ -546,6 +735,8 @@
</li>
<li id="M200612050">
+ <!--#set var="DATE" value='<small class="date-tag">[2006-12]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p id="universal-back-door-phone-modem">Almost every phone's communication
processor has a universal back door which is <a
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html";>
@@ -560,12 +751,16 @@
<ul class="blurbs">
<li id="M201711204">
+ <!--#set var="DATE" value='<small class="date-tag">[2017-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Intel's intentional “management engine” back door has <a
href="https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/";>
unintended back doors</a> too.</p>
</li>
<li id="M201609240">
+ <!--#set var="DATE" value='<small class="date-tag">[2016-09]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>A Capcom's Street Fighter V update <a
href="https://www.theregister.co.uk/2016/09/23/capcom_street_fighter_v/";>
installed a driver that could be used as a back door by
@@ -575,6 +770,8 @@
</li>
<li id="M201511260">
+ <!--#set var="DATE" value='<small class="date-tag">[2015-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Dell computers, shipped with
Windows, had a bogus root certificate that <a
href="http://fossforce.com/2015/11/dell-comcast-intel-who-knows-who-else-are-out-to-get-you/";>
@@ -583,20 +780,26 @@
</li>
<li id="M201511198">
+ <!--#set var="DATE" value='<small class="date-tag">[2015-11]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>ARRIS cable modem has a <a
href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1";>
back door in the back door</a>.</p>
</li>
<li id="M201510200">
+ <!--#set var="DATE" value='<small class="date-tag">[2015-10]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>“Self-encrypting” disk drives
do the encryption with proprietary firmware so you
can't trust it. Western Digital's “My Passport” drives <a
-
href="https://motherboard.vice.com/en_us/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption";>
+
href="https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption";>
have a back door</a>.</p>
</li>
<li id="M201504090">
+ <!--#set var="DATE" value='<small class="date-tag">[2015-04]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Mac OS X had an <a
href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/";>
intentional local back door for 4 years</a>, which could be exploited
@@ -604,6 +807,8 @@
</li>
<li id="M201309110">
+ <!--#set var="DATE" value='<small class="date-tag">[2013-09]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Here is a big problem whose details are still secret: <a
href="http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/";>
The FBI asks lots of companies to put back doors in proprietary
@@ -612,6 +817,8 @@
</li>
<li id="M201308230">
+ <!--#set var="DATE" value='<small class="date-tag">[2013-08]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>The German government <a
href="https://www.theregister.co.uk/2013/08/23/nsa_germany_windows_8/";>veers
away from Windows 8 computers with TPM 2.0</a> (<a
@@ -621,6 +828,8 @@
</li>
<li id="M201307300">
+ <!--#set var="DATE" value='<small class="date-tag">[2013-07]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>Here is a suspicion that
we can't prove, but is worth thinking about: <a
href="https://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI";>
@@ -630,6 +839,8 @@
</li>
<li id="M201307114">
+ <!--#set var="DATE" value='<small class="date-tag">[2013-07]</small>'
+ --><!--#echo encoding="none" var="DATE" -->
<p>HP “storage appliances” that
use the proprietary “Left Hand”
operating system have back doors that give HP <a
@@ -646,11 +857,11 @@
<p>The EFF has other examples of the <a
href="https://www.eff.org/deeplinks/2015/02/who-really-owns-your-drones";>
use of back doors</a>.</p>
-
</div>
+
</div>
-<!--#include virtual="/server/staging/proprietary/proprietary-menu.html" -->
-<!--#include virtual="/server/staging/nav-bar/test9/footer-text.html" -->
+<!--#include virtual="/proprietary/proprietary-menu.html" -->
+<!--#include virtual="/server/footer.html" -->
<div id="footer">
<div class="unprintable">
@@ -669,17 +880,17 @@
to <a href="mailto:web-translators@gnu.org";>
<web-translators@gnu.org></a>.</p>
- <p>For information on coordinating and submitting translations of
+ <p>For information on coordinating and contributing translations of
our web pages, see <a
href="/server/standards/README.translations.html">Translations
README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
-README</a> for information on coordinating and submitting translations
+README</a> for information on coordinating and contributing translations
of this article.</p>
</div>
-<p>Copyright © 2014-2020 Free Software Foundation, Inc.</p>
+<p>Copyright © 2014-2021 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/";>Creative
@@ -689,7 +900,7 @@
<p class="unprintable">Updated:
<!-- timestamp start -->
-$Date: 2020/02/19 19:00:16 $
+$Date: 2021/01/15 13:49:07 $
<!-- timestamp end -->
</p>
</div>
- www/server/staging/proprietary proprietary-back...,
Therese Godefroy <=