Jump to content
Not connected, Your IP: 18.220.242.160
lsat

built-in backdoors in proprietary software

Recommended Posts

Microsoft turning bugs into backdoors before fixing them:
http://techrights.org/2013/06/15/nsa-and-microsoft/

Stealth Windows updates:
https://www.informationweek.com/microsoft-updates-windows-without-user-permission-apologizes/d/d-id/1059183?

Apple circumventing its own security measures (i.e. supposedly encrypted backups), using undocumented iOS functions:
http://arstechnica.com/security/2014/07/undocumented-ios-functions-allow-monitoring-of-personal-data-expert-says/

HP's root backdoor to storage devices:
http://news.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/

"undocumented test interfaces" remote backdoors in Cisco routers:
http://www.csoonline.com/article/2136221/network-security/cisco-confirms-undocumented-backdoor.html

Undocumented, hardcoded backdoor accounts in Barracuda network appliances:
http://www.networkcomputing.com/network-security/barracuda-security-equipment-contains-hardcoded-backdoors/d/d-id/1108344?

Google's GTalkService / Google Play (remote app installation):
https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/
https://jon.oberheide.org/blog/2010/06/28/a-peek-inside-the-gtalkservice-connection/
https://www.duosecurity.com/blog/when-angry-birds-attack-android-edition

Samsung Galaxy backdoor, allowing remote file i/o (disputed):
https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor

Hardware vendors providing HDD firmware source code to NSA & friends:
http://www.reuters.com/article/2015/02/16/us-usa-cyberspying-idUSKBN0LK1QV20150216

The last one is not a built-in backdoor, but arguably even worse:
Enabling the agencies to craft undetectable firmware modifications.


Using proprietary software always means losing control over your hardware. The scary thing is: the most important kind of software - firmware - is almost always proprietary and / or inaccessible to the user. It's not going to get better anytime soon: Potential for CPU microcode backdoors


all of my content is released under CC-BY-SA 2.0

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...