<!--#include virtual="/server/header.html" -->
<!-- Parent-Version: 1.96 -->
<!--#set var="DISABLE_TOP_ADDENDUM" value="yes" -->
<!--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Please do not edit <ul class="blurbs">!
Instead, edit /proprietary/workshop/mal.rec, then regenerate pages.
See explanations in /proprietary/workshop/README.md.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-->
<title>Proprietary Back Doors - GNU Project - Free Software Foundation</title>
<link rel="stylesheet" type="text/css" href="/side-menu.css" media="screen,print" />
<!--#include virtual="/proprietary/po/proprietary-back-doors.translist" -->
<!--#include virtual="/server/banner.html" -->
<div class="nav">
<a id="side-menu-button" class="switch" href="#navlinks">
<img id="side-menu-icon" height="32"
src="/graphics/icons/side-menu.png"
title="Section contents"
alt=" [Section contents] " />
</a>
<p class="breadcrumb">
<a href="/"><img src="/graphics/icons/home.png" height="24"
alt="GNU Home" title="GNU Home" /></a> /
<a href="/proprietary/proprietary.html">Malware</a> /
By type /
</p>
</div>
<!--GNUN: OUT-OF-DATE NOTICE-->
<!--#include virtual="/server/top-addendum.html" -->
<div style="clear: both"></div>
<div id="last-div" class="reduced-width">
<h2>Proprietary Back Doors</h2>
<div class="infobox">
<hr class="full-width" />
<p>Nonfree (proprietary) software is very often malware (designed to
mistreat the user). Nonfree software is controlled by its developers,
which puts them in a position of power over the users; <a
href="/philosophy/free-software-even-more-important.html">that is the
basic injustice</a>. The developers and manufacturers often exercise
that power to the detriment of the users they ought to serve.</p>
<p>This typically takes the form of malicious functionalities.</p>
<hr class="full-width" />
</div>
<div class="article">
<p>Some malicious functionalities are mediated by <a
href="/proprietary/proprietary.html#f1">back doors</a>. Here are
examples of programs that contain one or several of those, classified
according to what the back door is known to have the power to do.
Back doors that allow full control over the programs which contain them
are said to be “universal.”</p>
<div class="important">
<p>If you know of an example that ought to be in this page but isn't
here, please write
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>
to inform us. Please include the URL of a trustworthy reference or two
to serve as specific substantiation.</p>
</div>
<div id="TOC" class="toc-inline">
<h3>Back-door functionalities</h3>
<ul>
<li><a href="#spy">Spying</a></li>
<li><a href="#alter-data">Altering user's data or settings</a></li>
<li><a href="#install-delete">Installing, deleting or disabling programs</a></li>
<li><a href="#universal">Full control</a></li>
<li><a href="#other">Other/undefined</a></li>
</ul>
</div>
<h3 id='spy'>Spying</h3>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202008030">
<!--#set var="DATE" value='<small class="date-tag">2020-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google Nest <a
href="https://blog.google/products/google-nest/partnership-adt-smarter-home-security/">
is taking over ADT</a>. Google sent out a software
update to its speaker devices using their back door <a
href="https://www.protocol.com/google-smart-speaker-alarm-adt">
href="https://web.archive.org/web/20240123114737/https://www.protocol.com/google-smart-speaker-alarm-adt"> that
listens for things like smoke alarms</a> and then notifies your phone
that an alarm is happening. This means the devices now listen for more
than just their wake words. Google says the software update was sent
out prematurely and on accident and Google was planning on disclosing
this new feature and offering it to customers who pay for it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201706200.2">
<!--#set var="DATE" value='<small class="date-tag">2017-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="InternetCameraBackDoor">Many models of Internet-connected
cameras contain a glaring back door—they have login
accounts with hard-coded passwords, which can't be changed, and <a
href="https://arstechnica.com/security/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">
href="https://arstechnica.com/information-technology/2017/06/internet-cameras-expose-private-video-feeds-and-remote-controls/">
there is no way to delete these accounts either</a>.</p>
<p>Since these accounts with hard-coded passwords are impossible
to delete, this problem is not merely an insecurity; it amounts to
a back door that can be used by the manufacturer (and
government) to spy on users.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201701130">
<!--#set var="DATE" value='<small class="date-tag">2017-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>WhatsApp has a feature that <a
href="https://techcrunch.com/2017/01/13/encrypted-messaging-platform-whatsapp-denies-backdoor-claim/">
has been described as a “back door”</a> because it would
enable governments to nullify its encryption.</p>
<p>The developers say that it wasn't intended as a back door, and that
may well be true. But that leaves the crucial question of whether it
functions as one. Because the program is nonfree, we cannot check by
studying it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201512280">
<!--#set var="DATE" value='<small class="date-tag">2015-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft has <a
href="https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/">
backdoored its disk encryption</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201409220">
<!--#set var="DATE" value='<small class="date-tag">2014-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple can, and regularly does, <a
href="http://arstechnica.com/apple/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
href="https://arstechnica.com/gadgets/2014/05/new-guidelines-outline-what-iphone-data-apple-can-give-to-police/">
remotely extract some data from iPhones for the state</a>.</p>
<p>This may have improved with <a
href="https://www.denverpost.com/2014/09/17/apple-will-no-longer-unlock-most-iphones-ipads-for-police/">
iOS 8 security improvements</a>; but <a
href="https://firstlook.org/theintercept/2014/09/22/apple-data/">
href="https://theintercept.com/2014/09/22/apple-data/">
not as much as Apple claims</a>.</p>
</li>
</ul>
<h3 id='alter-data'>Altering user's data or settings</h3>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202207140">
<!--#set var="DATE" value='<small class="date-tag">2022-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>BMW is now luring British customers into <a
href="https://edition.cnn.com/2022/07/14/business/bmw-subscription/index.html">
paying for the built-in heated-seat feature of their new cars on a
subscription basis</a>. People also have the option to buy the feature
when they are paying for the car, but those who bought a used car have
to pay BMW extra money to remotely enable the heated seats. This is
probably done by BMW accessing a back door in the car software.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202109220">
<!--#set var="DATE" value='<small class="date-tag">2021-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some Xiaomi phones <a
href="https://www.theguardian.com/world/2021/sep/22/lithuania-tells-citizens-to-throw-out-chinese-phones-over-censorship-concerns">have
a malfeature to bleep out phrases that express political views
China
the Chinese government does not like</a>. In phones sold in Europe,
Xiaomi leaves this deactivated by default, but has a back door to
activate the censorship.</p>
<p>This is the natural result of having nonfree software in a device
that can communicate with the company that made it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201905060">
<!--#set var="DATE" value='<small class="date-tag">2019-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>BlizzCon 2019 imposed a <a
href="https://arstechnica.com/gaming/2019/05/blizzcon-2019-tickets-revolve-around-invasive-poorly-reviewed-smartphone-app/">
requirement to run a proprietary phone app</a> to be allowed into
the event.</p>
<p>This app is a spyware that can snoop on a lot of
sensitive data, including user's location and contact list, and has <a
href="https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
href="https://web.archive.org/web/20220321042716/https://old.reddit.com/r/wow/comments/bkd5ew/you_need_to_have_a_phone_to_attend_blizzcon_this/emg38xv/">
near-complete control</a> over the phone.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201809140">
<!--#set var="DATE" value='<small class="date-tag">2018-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Android has a <a
href="https://www.theverge.com/platform/amp/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change">
href="https://www.theverge.com/2018/9/14/17861150/google-battery-saver-android-9-pie-remote-settings-change">
back door for remotely changing “user” settings</a>.</p>
<p>The article suggests it might be a universal back door, but this
isn't clear.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201607284">
<!--#set var="DATE" value='<small class="date-tag">2016-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Dropbox app for Macintosh <a
href="https://web.archive.org/web/20180124123506/http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/">
takes control of user interface items after luring the user into
entering an admin password</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201604250">
<!--#set var="DATE" value='<small class="date-tag">2016-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A pregnancy test controller application not only can <a
href="http://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
href="https://www.theverge.com/2016/4/25/11503718/first-response-pregnancy-pro-test-bluetooth-app-security">
spy on many sorts of data in the phone, and in server accounts,
it can alter them too</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201512074">
<!--#set var="DATE" value='<small class="date-tag">2015-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.itworld.com/article/2705284/backdoor-found-in-d-link-router-firmware-code.html">
href="https://www.computerworld.com/article/2705284/backdoor-found-in-d-link-router-firmware-code.html">
Some D-Link routers</a> have a back door for changing settings in a
dlink of an eye.</p>
<p><a href="http://sekurak.pl/tp-link-httptftp-backdoor/"> href="https://sekurak.pl/tp-link-httptftp-backdoor/"> The TP-Link
router has a back door</a>.</p>
<p><a href="https://github.com/elvanderb/TCP-32764">Many href="https://gothub.projectsegfau.lt/elvanderb/TCP-32764/">Many models of
routers have back doors</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201511244">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Google has long had <a
href="http://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted">a
href="https://www.theguardian.com/technology/2015/nov/24/google-can-unlock-android-devices-remotely-if-phone-unencrypted">a
back door to remotely unlock an Android device</a>, unless its disk
is encrypted (possible since Android 5.0 Lollipop, but still not
quite the default).</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201511194">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Caterpillar vehicles come with <a
href="http://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it">
href="https://web.archive.org/web/20201108113943/https://www.zerohedge.com/news/2015-11-19/caterpillar-depression-has-never-been-worse-it-has-cunning-plan-how-deal-it">
a back door to shutoff the engine</a> remotely.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201509160">
<!--#set var="DATE" value='<small class="date-tag">2015-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Modern gratis game cr…apps <a
href="http://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
href="https://toucharcade.com/2015/09/16/we-own-you-confessions-of-a-free-to-play-producer/">
collect a wide range of data about their users and their users'
friends and associates</a>.</p>
<p>Even nastier, they do it through ad networks that merge the data
collected by various cr…apps and sites made by different
companies.</p>
<p>They use this data to manipulate people to buy things, and hunt for
“whales” who can be led to spend a lot of money. They also
use a back door to manipulate the game play for specific players.</p>
<p>While the article describes gratis games, games that cost money
can use the same tactics.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201403120.1">
<!--#set var="DATE" value='<small class="date-tag">2014-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="samsung"><a
href="https://www.fsf.org/blogs/community/replicant-developers-find-and-close-samsung-galaxy-backdoor">
Samsung Galaxy devices running proprietary Android versions come with
a back door</a> that provides remote access to the files stored on
the device.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201210220">
<!--#set var="DATE" value='<small class="date-tag">2012-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="swindle-eraser">The Amazon
Kindle-Swindle has a back door that has been used to <a
href="http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/">
href="https://web.archive.org/web/20220319193415/https://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/">
remotely erase books</a>. One of the books erased was
<cite>1984</cite>, by George Orwell.</p>
<p>Amazon responded to criticism by saying it
would delete books only following orders from the
state. However, that policy didn't last. In 2012 it <a
href="http://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html">
href="https://boingboing.net/2012/10/22/kindle-user-claims-amazon-dele.html">
wiped a user's Kindle-Swindle and deleted her account</a>, then
offered her kafkaesque “explanations.”</p>
<p>Do other ebook readers have back doors in their nonfree software? We
don't know, and we have no way to find out. There is no reason to
assume that they don't.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201011220">
<!--#set var="DATE" value='<small class="date-tag">2010-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The iPhone has a back door for <a
href="http://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone">
href="https://www.npr.org/2010/11/22/131511381/wipeout-when-your-company-kills-your-iphone">
remote wipe</a>. It's not always enabled, but users are led into
enabling it without understanding.</p>
</li>
</ul>
<h3 id='install-delete'>Installing, deleting or disabling programs</h3>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202401180.4">
<!--#set var="DATE" value='<small class="date-tag">2024-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a href="/proprietary/uhd-bluray-denies-your-freedom.html">UHD
Blu-ray disks are loaded with malware of the worst kinds</a>, including
the AACS DRM. Playing them on a PC requires the Intel Management
Engine, which has back doors and cannot be disabled. Every Blu-ray
drive also has a back door in its firmware, which allows the
AACS-enforcing organization to “revoke” the ability to play
any AACS-restricted disk.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202302140">
<!--#set var="DATE" value='<small class="date-tag">2023-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is <a
href="https://www.theguardian.com/technology/2023/feb/14/microsoft-to-phase-out-internet-explorer-with-new-edge-browser">
remotely disabling Internet Explorer, forcibly redirecting users to
Microsoft Edge</a>.</p>
<p>Imposing such change is malicious, and the fact that the redirection
is from one unjust program (IE) to another unjust program (Edge)
does not excuse it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202301190">
<!--#set var="DATE" value='<small class="date-tag">2023-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft <a
href="https://betanews.com/2023/01/19/microsoft-is-using-the-kb5021751-update-to-see-if-you-have-an-unsupported-version-of-office-installed/">
released an “update” that installs a surveillance
program</a> on users' computers to gather data on some installed
programs for Microsoft's benefit. The update is rolling out
automatically, and the program runs “one time silently.”</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202210110">
<!--#set var="DATE" value='<small class="date-tag">2022-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Xiaomi provides a tool to <a
href="https://www.guidetoroot.com/unlock-bootloader-on-any-xiaomi-phones/">
unlock the bootloader of Xiaomi smartphones and tablets</a>,
but this requires creating an account on the company's servers,
i.e. providing your phone number. This is the price you have to pay
for “legally” running a free software operating system
on Xiaomi devices. But the manufacturer retains control of the
unlocked device through a backdoor in the bootloader—the same
backdoor that was remotely used to unlock it.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202208220">
<!--#set var="DATE" value='<small class="date-tag">2022-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Tesla <a
href="https://www.cnn.com/2022/08/22/business/tesla-fsd-price-increase/index.html">
sells an add-on software feature that drivers are not allowed
to use</a>.</p>
<p>This practice depends on a back door, which is unjust in
itself. Asking users to buy something years in advance to avoid having
to pay an even higher price later is manipulative.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202110130">
<!--#set var="DATE" value='<small class="date-tag">2021-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Adobe <a
href="https://web.archive.org/web/20211014123717/https://pluralistic.net/2021/10/13/theres-an-app-for-that/#gnash">has
licensed its Flash Player to China's Zhong Cheng Network</a> who is
offering the program bundled with spyware and a back door that can
remotely deactivate it.</p>
<p>Adobe is responsible for this since they gave Zhong Cheng
Network permission to do this. This injustice involves “misuse” of
the DMCA, but “proper,” intended use of the DMCA is a much bigger
injustice. There is <a href="/philosophy/right-to-read.html">a series
of errors related to DMCA</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202108240">
<!--#set var="DATE" value='<small class="date-tag">2021-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Recent Samsung TVs have a back door with which Samsung can <a
href="https://www.pcmag.com/news/samsung-can-remotely-disable-any-of-its-tvs-worldwide">
brick them remotely</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202106190">
<!--#set var="DATE" value='<small class="date-tag">2021-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="https://arstechnica.com/gadgets/2021/06/even-creepier-covid-tracking-google-silently-pushed-app-to-users-phones/">Google
automatically installed an app on many proprietary Android phones</a>. The app
might or might not do malicious things but the power Google has over proprietary
Android phones is dangerous.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202012020">
<!--#set var="DATE" value='<small class="date-tag">2020-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Adobe Flash Player <a
href="https://www.adobe.com/products/flashplayer/end-of-life.html">
has a universal back door</a> which lets Adobe control
the software and, for example, disable it whenever it
wants. Adobe will block Flash content from running in Flash Player
beginning January 12, 2021, which indicates that they have access to
every Flash Player through a back door.</p>
<p>The back door won't be dangerous in the future, as it'll disable
a proprietary program and make users delete the software, but it
was an injustice for many years. Users should have deleted Flash Player
even before its end of life.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202007020">
<!--#set var="DATE" value='<small class="date-tag">2020-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>BMW is trying to <a
href="https://www.theverge.com/2020/7/2/21311332/bmw-in-car-purchase-heated-seats-software-over-the-air-updates">lock
certain features of its cars, and force people to pay to use part of
the car they already bought</a>. This is done through forced update
of the car software via a radio-operated back door.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201908270">
<!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A very popular app found in the
Google Play store contained a module that was designed to <a
href="https://arstechnica.com/information-technology/2019/08/google-play-app-with-100-million-downloads-executed-secret-payloads/">secretly
install malware on the user's computer</a>. The app developers
regularly used it to make the computer download and execute any code
they wanted.</p>
<p>This is a concrete example of what users are exposed to when they
run nonfree apps. They can never be completely sure that a nonfree
app is safe.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201907100">
<!--#set var="DATE" value='<small class="date-tag">2019-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Apple appears to say that <a
href="https://techcrunch.com/2019/07/10/apple-silent-update-zoom-app/">
there is a back door in MacOS</a> for automatically updating some
(all?) apps.</p>
<p>The specific change described in the article was not
malicious—it protected users from surveillance by third
parties—but that is a separate question.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201811100">
<!--#set var="DATE" value='<small class="date-tag">2018-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Corel Paintshop Pro has a <a
href="https://torrentfreak.com/corel-wrongly-accuses-licensed-user-of-piracy-disables-software-remotely-181110/">
back door that can make it cease to function</a>.</p>
<p>The article is full of confusions, errors and biases that we have
an obligation to expose, given that we are making a link to them.</p>
<ul>
<li>Getting a patent does not “enable” a company to do
any particular thing in its products. What it does enable the company
to do is sue other companies if they do some particular thing in
their products.</li>
<li>A company's policies about when to attack users through a back
door are beside the point. Inserting the back door is wrong in the
first place, and using the back door is always wrong too. No software
developer should have that power over users.</li>
<li>“<a
href="/philosophy/words-to-avoid.html#Piracy">Piracy</a>” means
attacking ships. Using that word to refer to sharing copies is a smear;
please don't smear sharing.</li>
<li><p>The idea of “protecting our IP” is
total confusion. The term “IP” itself is a <a
href="/philosophy/not-ipr.html">bogus generalization about things
that have nothing in common</a>.</p>
<p>In addition, to speak of “protecting” that bogus
generalization is a separate absurdity. It's like calling the cops
because neighbors' kids are playing on your front yard, and saying
that you're “protecting the boundary line”. The kids can't do harm
to the boundary line, not even with a jackhammer, because it is an
abstraction and can't be affected by physical action.</p></li>
</ul>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201804010">
<!--#set var="DATE" value='<small class="date-tag">2018-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some “Smart” TVs automatically <a
href="https://web.archive.org/web/20180405014828/https:/twitter.com/buro9/status/980349887006076928">
load downgrades that install a surveillance app</a>.</p>
<p>We link to the article for the facts it presents. It
is too bad that the article finishes by advocating the
moral weakness of surrendering to Netflix. The Netflix app <a
href="/proprietary/malware-google.html#netflix-app-geolocation-drm">is
malware too</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201511090">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Baidu's proprietary Android library, Moplus, has a back door that <a
href="https://www.eff.org/deeplinks/2015/11/millions-android-devices-vulnerable-remote-hijacking-baidu-wrote-code-google-made">
can “upload files” as well as forcibly install
apps</a>.</p>
<p>It is used by 14,000 Android applications.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201112080">
<!--#set var="DATE" value='<small class="date-tag">2011-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p> In addition to its <a href="#windows-update">universal back
door</a>, Windows 8 has a back door for <a
href="https://www.computerworld.com/article/2500036/microsoft--we-can-remotely-delete-windows-8-apps.html">
href="https://www.computerworld.com/article/2732767/microsoft--we-can-remotely-delete-windows-8-apps.html">
remotely deleting apps</a>.</p>
<p>You might well decide to let a security service that you trust
remotely <em>deactivate</em> programs that it considers malicious.
But there is no excuse for <em>deleting</em> the programs, and you
should have the right to decide whom (if anyone) to trust in this
way.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201103070">
<!--#set var="DATE" value='<small class="date-tag">2011-03</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In Android, <a
href="https://www.computerworld.com/article/2506557/google-throws--kill-switch--on-android-phones.html">
Google has a back door to remotely delete apps</a>. (It was in a
program called GTalkService, which seems since then to have been
merged into Google Play.)</p>
<p>Google can also <a
href="https://jon.oberheide.org/blog/2010/06/25/remote-kill-and-install-on-google-android/">
forcibly and remotely install apps</a> through GTalkService. This is
not equivalent to a universal back door, but permits various dirty
tricks.</p>
<p>Although Google's <em>exercise</em> of this power has not been
malicious so far, the point is that nobody should have such power,
which could also be used maliciously. You might well decide to
let a security service remotely <em>deactivate</em> programs that
it considers malicious. But there is no excuse for allowing it to
<em>delete</em> the programs, and you should have the right to decide
who (if anyone) to trust in this way.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M200808110">
<!--#set var="DATE" value='<small class="date-tag">2008-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The iPhone has a back door <a
href="http://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html">
href="https://www.telegraph.co.uk/technology/3358134/Apples-Jobs-confirms-iPhone-kill-switch.html">
that allows Apple to remotely delete apps</a> which Apple considers
“inappropriate”. Jobs said it's OK for Apple to have
this power because of course we can trust Apple.</p>
</li>
</ul>
<h3 id='universal'>Full control</h3>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202305100">
<!--#set var="DATE" value='<small class="date-tag">2023-05</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>HP delivers printers with a
universal back door, and recently used it to <a
href="https://www.theguardian.com/money/2023/may/10/how-can-hp-block-me-from-using-a-cheaper-printer-cartridge">
sabotage them by remotely installing malware</a>. The malware makes the
printer refuse to function with non-HP ink cartrides, and even with old
HP cartridges which HP now declares to have “expired.”
HP calls the back door “dynamic security,”
and has the gall to claim that this “security” protects
users from malware.</p>
<p>If you own an HP printer that can still use non-HP cartridges,
we urge you to disconnect it from the internet. This will ensure that
HP doesn't sabotage it by “updating” its software.</p>
<p><small>Note how the author of the Guardian article credulously
repeats HP's assertion that the “dynamic security”
feature protects users against malware, not recognizing that the
article demonstrates it does the opposite.</small></p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202111201">
<!--#set var="DATE" value='<small class="date-tag">2021-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>NordicTrack, a company that sells
exercise machines with ability to show videos <a
href="https://arstechnica.com/information-technology/2021/11/locked-out-of-god-mode-runners-are-hacking-their-treadmills/">limits
what people can watch, and recently disabled a feature</a> that was
originally functional. This happened through automatic update and
probably involved a universal back door.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202106220">
<!--#set var="DATE" value='<small class="date-tag">2021-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Peloton company which produces treadmills recently <a
href="https://www.bleepingcomputer.com/news/technology/peloton-tread-owners-now-forced-into-monthly-subscription-after-recall/">locked
people out of basic features of people's treadmills by a software
update</a>. The company now asks people for a membership/subscription
for what people already paid for.</p>
<p>The software used in the treadmill is proprietary and probably
includes back doors to force software updates. It teaches the lesson
that if a product talks to external networks, you must expect it to
take in new malware.</p>
<p>Please note that the company behind this product said they
are working to reverse the changes so people will no longer need
subscription to use the locked feature.</p>
<p>Apparently public anger made the company back down. If we want that
to be our safety, we need to build up the anger against malicious
features (and the proprietary software that is their entry path)
to the point that even the most powerful companies don't dare.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202102180">
<!--#set var="DATE" value='<small class="date-tag">2021-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Microsoft is <a
href="https://uk.pcmag.com/operating-systems/131798/microsoft-starts-automatically-removing-flash-from-windows">forcibly
removing the Flash player from computers running Windows 10</a>, using
<a href="/proprietary/proprietary-back-doors.html#windows-update">a
universal backdoor in Windows</a>.</p>
<p>The fact that Flash has been <a
href="/proprietary/proprietary-back-doors.html#M202012020">disabled
by Adobe</a> is no excuse for this abuse of power. The nature of
proprietary software, such as Microsoft Windows, gives the developers
power to impose their decisions on users. Free software on the other
hand empowers users to make their own decisions.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202011230">
<!--#set var="DATE" value='<small class="date-tag">2020-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Some Wavelink and JetStream wifi routers have
universal back doors that enable unauthenticated
users to remotely control not only the routers, but
also any devices connected to the network. There is evidence that <a
href="https://cybernews.com/security/walmart-exclusive-routers-others-made-in-china-contain-backdoors-to-control-devices/">
this vulnerability is actively exploited</a>.</p>
<p>If you consider buying a router, we encourage you to get one
that <a href="https://ryf.fsf.org/categories/routers">runs on free
software</a>. Any attempts at introducing malicious functionalities in
it (e.g., through a firmware update) will be detected by the community,
and soon corrected.</p>
<p>If unfortunately you own a router that runs on
proprietary software, don't panic! You may be able to
replace its firmware with a free operating system such as <a
href="https://librecmc.org">libreCMC</a>. If you don't know how,
you can get help from a nearby GNU/Linux user group.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202011060">
<!--#set var="DATE" value='<small class="date-tag">2020-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A new app published by Google <a
href="https://www.xda-developers.com/google-device-lock-controller-banks-payments/">lets
banks and creditors deactivate people's Android devices</a> if they
fail to make payments. If someone's device gets deactivated, it will
be limited to basic functionality, such as emergency calling and
access to settings.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202007010">
<!--#set var="DATE" value='<small class="date-tag">2020-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>BMW will remotely <a
href="https://www.cnet.com/roadshow/news/bmw-vehicle-as-a-platform/">
enable and disable functionality in cars</a> through a universal
back door.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202004130">
<!--#set var="DATE" value='<small class="date-tag">2020-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The <a href="https://www.google.com/mobile/android/market-tos.html"> href="https://play.google.com/about/play-terms/">
Google Play Terms of Service</a> insist that the user of Android accept
the presence of universal back doors in apps released by Google.</p>
<p>This does not tell us whether any of Google's apps currently
contains a universal back door, but that is a secondary question.
In moral terms, demanding that people accept in advance certain bad
treatment is equivalent to actually doing it. Whatever condemnation
the latter deserves, the former deserves the same.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M202001090">
<!--#set var="DATE" value='<small class="date-tag">2020-01</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Android phones subsidized by the US government come with <a
href="https://arstechnica.com/information-technology/2020/01/us-government-funded-android-phones-come-preinstalled-with-unremovable-malware/">
preinstalled adware and a back door for forcing installation of
apps</a>.</p>
<p>The adware is in a modified version of an
essential system configuration app. The back door is a
surreptitious addition to a program whose stated purpose is to be a <a
href="https://www.zdnet.com/article/unremovable-malware-found-preinstalled-on-low-end-smartphone-sold-in-the-us/">
universal back door for firmware</a>.</p>
<p>In other words, a program whose raison d'ĂȘtre is malicious has
a secret secondary malicious purpose. All this is in addition to the
malware of Android itself.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201910130.1">
<!--#set var="DATE" value='<small class="date-tag">2019-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Chinese Communist Party's <a
href="/proprietary/proprietary-surveillance.html#M201910130">
“Study the Great Nation” app</a> was found to contain <a
href="https://www.ndtv.com/world-news/chinese-app-allows-officials-access-to-100-million-users-phone-report-2115962">
a back-door allowing developers to run any code they wish</a> in the
users' phone, as “superusers.”</p>
<p>Note: The <a
href="http://web-old.archive.org/web/20191015005153/https://www.washingtonpost.com/world/asia_pacific/chinese-app-on-xis-ideology-allows-data-access-to-100-million-users-phones-report-says/2019/10/11/2d53bbae-eb4d-11e9-bafb-da248f8d5734_story.html">
Washington Post version of the article</a> (partly obfuscated, but
readable after copy-pasting in a text editor) includes a clarification
saying that the tests were only performed on the Android version
of the app, and that, according to Apple, “this kind of
‘superuser’ surveillance could not be conducted on
Apple's operating system.”</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201908220">
<!--#set var="DATE" value='<small class="date-tag">2019-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>ChromeBooks are programmed for obsolescence:
ChromeOS has a universal back door that is used for updates and <a
href="https://www.theregister.co.uk/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/">
href="https://www.theregister.com/2019/08/22/buying_a_chromebook_dont_forget_to_check_when_it_expires/">
ceases to operate at a predefined date</a>. From then on, there
appears to be no support whatsoever for the computer.</p>
<p>In other words, when you stop getting screwed by the back door,
you start getting screwed by the obsolescence.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201902011">
<!--#set var="DATE" value='<small class="date-tag">2019-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The FordPass Connect feature of some Ford vehicles has <a
href="https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
href="https://web.archive.org/web/20200530023040/https://www.myfordpass.com/content/ford_com/fp_app/en_us/termsprivacy.html">
near-complete access to the internal car network</a>. It is constantly
connected to the cellular phone network and sends Ford a lot of data,
including car location. This feature operates even when the ignition
key is removed, and users report that they can't disable it.</p>
<p>If you own one of these cars, have you succeeded in breaking the
connectivity by disconnecting the cellular modem, or wrapping the
antenna in aluminum foil?</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201812300">
<!--#set var="DATE" value='<small class="date-tag">2018-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>New GM cars <a
href="https://media.gm.com/media/us/en/gmc/vehicles/canyon/2019.html">
offer the feature of a universal back door</a>.</p>
<p>Every nonfree program offers the user zero security against its
developer. With this malfeature, GM has explicitly made things even
worse.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201711244">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Furby Connect has a <a
href="https://www.contextis.com/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
href="https://web.archive.org/web/20220604212722/https://www.contextis.com/en/blog/dont-feed-them-after-midnight-reverse-engineering-the-furby-connect">
universal back door</a>. If the product as shipped doesn't act as a
listening device, remote changes to the code could surely convert it
into one.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201711010">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Sony has brought back its robotic pet Aibo, this time <a
href="https://www.vice.com/en/article/bj778v/sony-wants-to-sell-you-a-subscription-to-a-robot-dog-aibo-90s-pet">
with a universal back door, and tethered to a server that requires
a subscription</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201709090.1">
<!--#set var="DATE" value='<small class="date-tag">2017-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Tesla used software to limit the part of the battery
that was available to customers in some cars, and <a
href="https://techcrunch.com/2017/09/09/tesla-flips-a-switch-to-increase-the-range-of-some-cars-in-florida-to-help-people-evacuate/">
a universal back door in the software</a> to temporarily increase
this limit.</p>
<p>While remotely allowing car “owners” to use the
whole battery capacity did not do them any harm, the same back
door would permit Tesla (perhaps under the command of some
government) to remotely order the car to use none of its battery. Or
perhaps to drive its passenger to a torture prison.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201702060.1">
<!--#set var="DATE" value='<small class="date-tag">2017-02</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Vizio “smart” TVs <a
href="https://www.ftc.gov/news-events/blogs/business-blog/2017/02/what-vizio-was-doing-behind-tv-screen">
href="https://www.ftc.gov/business-guidance/blog/2017/02/what-vizio-was-doing-behind-tv-screen">
have a universal back door</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201609130">
<!--#set var="DATE" value='<small class="date-tag">2016-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Xiaomi phones come with <a
href="https://web.archive.org/web/20190424082647/http://blog.thijsbroenink.com/2016/09/xiaomis-analytics-app-reverse-engineered/">
a universal back door in the application processor, for Xiaomi's
use</a>.</p>
<p>This is separate from <a href="#universal-back-door-phone-modem">the
universal back door in the modem processor that the local phone
company can use</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201608171">
<!--#set var="DATE" value='<small class="date-tag">2016-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="windows-update">Microsoft
Windows has a universal back door through which <a
href="http://www.informationweek.com/microsoft-updates-windows-without-user-permission-apologizes/d/d-id/1059183">
href="https://www.informationweek.com/government/microsoft-updates-windows-without-user-permission-apologizes">
any change whatsoever can be imposed on the users</a>.</p>
<p>This was <a
href="https://web.archive.org/web/20200219180230/http://slated.org/windows_by_stealth_the_updates_you_dont_want">
reported in 2007</a> for XP and Vista, and it seems
that Microsoft used the same method to push the <a
href="/proprietary/malware-microsoft.html#windows10-forcing">
Windows 10 downgrade</a> to computers running Windows 7 and 8.</p>
<p>In Windows 10, the universal back door
is no longer hidden; all “upgrades” will be <a
href="http://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/">
href="https://arstechnica.com/information-technology/2015/07/windows-10-updates-to-be-automatic-and-mandatory-for-home-users/">
forcibly and immediately imposed</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201606060">
<!--#set var="DATE" value='<small class="date-tag">2016-06</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The Amazon Echo appears to have a universal back door, since <a
href="https://en.wikipedia.org/wiki/Amazon_Echo#Software_updates">
it installs “updates” automatically</a>.</p>
<p>We have found nothing explicitly documenting the lack of any way
to disable remote changes to the software, so we are not completely
sure there isn't one, but this seems pretty clear.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201412180">
<!--#set var="DATE" value='<small class="date-tag">2014-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor">
href="https://www.theguardian.com/technology/2014/dec/18/chinese-android-phones-coolpad-hacker-backdoor">
A Chinese version of Android has a universal back door</a>. Nearly
all models of mobile phones have a <a href="#universal-back-door-phone-modem">
universal back door in the modem chip</a>. So why did Coolpad bother
to introduce another? Because this one is controlled by Coolpad.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201311300">
<!--#set var="DATE" value='<small class="date-tag">2013-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p><a
href="http://www.techienews.co.uk/973462/bitcoin-miners-bundled-pups-legitimate-applications-backed-eula/">
Some applications come with MyFreeProxy, which is a universal back
door</a> that can download programs and run them.</p>
</li>
<li id="M201202280">
<!--#set var="DATE" value='<small class="date-tag">2012-02</small>'
--><!--#echo encoding="none" var="DATE"
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<p>ChromeOS has a universal back
door. At least, Google says it does—in <a
href="https://www.google.com/intl/en/chromebook/termsofservice.html">
section 4 of the EULA</a>.</p>
</li>
<li id="M200700000.1"> id="M201207150.1">
<!--#set var="DATE" value='<small class="date-tag">[2007]</small>' class="date-tag">2012-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>In addition to its <a href="#swindle-eraser">book
eraser</a>, the Kindle-Swindle has a <a
href="https://www.amazon.com/gp/help/customer/display.html?nodeId=200774090">
href="https://web.archive.org/web/20120715070050/http://www.amazon.com/gp/help/customer/display.html/?nodeId=200774090">
universal back door</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M200612050">
<!--#set var="DATE" value='<small class="date-tag">2006-12</small>'
--><!--#echo encoding="none" var="DATE" -->
<p id="universal-back-door-phone-modem">Almost every phone's communication
processor has a universal back door which is <a
href="https://www.schneier.com/blog/archives/2006/12/remotely_eavesd_1.html">
often used to make a phone transmit all conversations it hears</a>. See
<a href="/proprietary/malware-mobiles.html#universal-back-door-phone-modem">Malware
in Mobile Devices</a> for more info.</p>
</li>
</ul>
<h3 id='other'>Other or undefined</h3>
<ul class="blurbs">
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201711204">
<!--#set var="DATE" value='<small class="date-tag">2017-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Intel's intentional “management engine” back door has <a
href="https://www.theregister.co.uk/2017/11/20/intel_flags_firmware_flaws/">
href="https://www.theregister.com/2017/11/20/intel_flags_firmware_flaws/">
unintended back doors</a> too.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201609240">
<!--#set var="DATE" value='<small class="date-tag">2016-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>A Capcom's Street Fighter V update <a
href="https://www.theregister.co.uk/2016/09/23/capcom_street_fighter_v/">
href="https://www.theregister.com/2016/09/23/capcom_street_fighter_v/">
installed a driver that could be used as a back door by
any application installed on a Windows computer</a>, but was <a
href="https://www.rockpapershotgun.com/2016/09/24/street-fighter-v-removes-new-anti-crack">
href="https://www.rockpapershotgun.com/street-fighter-v-removes-new-anti-crack">
immediately rolled back</a> in response to public outcry.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201511260">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Dell computers, shipped with
Windows, had a bogus root certificate that <a
href="http://fossforce.com/2015/11/dell-comcast-intel-who-knows-who-else-are-out-to-get-you/">
href="https://fossforce.com/2015/11/dell-comcast-intel-who-knows-who-else-are-out-to-get-you/">
allowed anyone (not just Dell) to remotely authorize any software to
run</a> on the computer.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201511198">
<!--#set var="DATE" value='<small class="date-tag">2015-11</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>ARRIS cable modem has a <a
href="https://w00tsec.blogspot.de/2015/11/arris-cable-modem-has-backdoor-in.html?m=1">
back door in the back door</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201510200">
<!--#set var="DATE" value='<small class="date-tag">2015-10</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>“Self-encrypting” disk drives
do the encryption with proprietary firmware so you
can't trust it. Western Digital's “My Passport” drives <a
href="https://www.vice.com/en/article/mgbmma/some-popular-self-encrypting-hard-drives-have-really-bad-encryption">
have a back door</a>.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201504090">
<!--#set var="DATE" value='<small class="date-tag">2015-04</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Mac OS X had an <a
href="https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/">
intentional local back door for 4 years</a>, which could be exploited
by attackers to gain root privileges.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201309110">
<!--#set var="DATE" value='<small class="date-tag">2013-09</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Here is a big problem whose details are still secret: <a
href="http://mashable.com/2013/09/11/fbi-microsoft-bitlocker-backdoor/">
href="https://mashable.com/archive/fbi-microsoft-bitlocker-backdoor">
The FBI asks lots of companies to put back doors in proprietary
programs</a>. We don't know of specific cases where this was done,
but every proprietary program for encryption is a possibility.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201308230">
<!--#set var="DATE" value='<small class="date-tag">2013-08</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>The German government <a
href="https://www.theregister.co.uk/2013/08/23/nsa_germany_windows_8/">veers
href="https://www.theregister.com/2013/08/23/nsa_germany_windows_8/">veers
away from Windows 8 computers with TPM 2.0</a> (<a
href="https://www.zeit.de/digital/datenschutz/2013-08/trusted-computing-microsoft-windows-8-nsa">original
article in German</a>), due to potential back
door capabilities of the TPM 2.0 chip.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201307300">
<!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>Here is a suspicion that
we can't prove, but is worth thinking about: <a
href="https://web.archive.org/web/20150206003913/http://www.afr.com/p/technology/intel_chips_could_be_nsa_key_to_ymrhS1HS1633gCWKt5tFtI">
Writable microcode for Intel and AMD microprocessors</a> may be a
vehicle for the NSA to invade computers, with the help of Microsoft,
say respected security experts.</p>
</li>
<!-- Copied from workshop/mal.rec. Do not edit in proprietary-back-doors.html. -->
<li id="M201307114">
<!--#set var="DATE" value='<small class="date-tag">2013-07</small>'
--><!--#echo encoding="none" var="DATE" -->
<p>HP “storage appliances” that
use the proprietary “Left Hand”
operating system have back doors that give HP <a
href="https://insights.dice.com/2013/07/11/hp-keeps-installing-secret-backdoors-in-enterprise-storage/">
remote login access</a> to them. HP claims that this does not
give HP access to the customer's data, but if the back door allows
installation of software changes, a change could be installed that
would give access to the customer's data.</p>
</li>
</ul>
<div class="column-limit"></div>
<p>The EFF has other examples of the <a
href="https://www.eff.org/deeplinks/2015/02/who-really-owns-your-drones">
use of back doors</a>.</p>
</div>
</div>
<!--#include virtual="/proprietary/proprietary-menu.html" -->
<!--#include virtual="/server/footer.html" -->
<div id="footer" role="contentinfo">
<div class="unprintable">
<p>Please send general FSF & GNU inquiries to
<a href="mailto:gnu@gnu.org"><gnu@gnu.org></a>.
There are also <a href="/contact/">other ways to contact</a>
the FSF. Broken links and other corrections or suggestions can be sent
to <a href="mailto:webmasters@gnu.org"><webmasters@gnu.org></a>.</p>
<p><!-- TRANSLATORS: Ignore the original text in this paragraph,
replace it with the translation of these two:
We work hard and do our best to provide accurate, good quality
translations. However, we are not exempt from imperfection.
Please send your comments and general suggestions in this regard
to <a href="mailto:web-translators@gnu.org">
<web-translators@gnu.org></a>.</p>
<p>For information on coordinating and contributing translations of
our web pages, see <a
href="/server/standards/README.translations.html">Translations
README</a>. -->
Please see the <a
href="/server/standards/README.translations.html">Translations
README</a> for information on coordinating and contributing translations
of this article.</p>
</div>
<p>Copyright © 2014-2021 2014-2024 Free Software Foundation, Inc.</p>
<p>This page is licensed under a <a rel="license"
href="http://creativecommons.org/licenses/by/4.0/">Creative
Commons Attribution 4.0 International License</a>.</p>
<!--#include virtual="/server/bottom-notes.html" -->
<p class="unprintable">Updated:
<!-- timestamp start -->
$Date: 2024/11/06 10:43:17 $
<!-- timestamp end -->
</p>
</div>
</div><!-- for class="inner", starts in the banner include -->
</body>
</html>