List of software & Hardware that is known to have backdoors

Discussion in 'privacy problems' started by Cutting_Edgetech, Jan 8, 2011.

Thread Status:
Not open for further replies.
  1. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    I was wanting to get a list started of software, and hardware that are known to have backdoors. So if you know of any then could you please list them in this thread. If the backdoor has legit purposes then you can also list them since they have the potential for abuse. If there is an ongoing debate on a particular software or hardware possibly having a backdoor you can list them as well, but make it very clear that at this time it is only speculation. Keep the thread fact based. I would like to thank anyone in advance that contributes to this thread. Thanks You!
     
  2. LoneWolf

    LoneWolf Registered Member

    Joined:
    Jan 2, 2006
    Posts:
    3,408
  3. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    Hushmail
    PGP

    Still under debate,but highly widespread info.
     
  4. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
  5. DasFox

    DasFox Registered Member

    Joined:
    May 5, 2006
    Posts:
    1,825

    Please go back and re-edit the post to be more specific as to what you are implying?

    From the way I am reading into this, you mean Rogue Developers posing as legitimate software putting in backdoors?

    After all anyone can get a hold of software and put a possible back door in, and finding those answers, well, a lot more difficult, that's like asking who are all the hackers out there and who really knows.

    So sticking more to known Rogue problems, seems to be a more realistic focus...
     
  6. SafetyFirst

    SafetyFirst Registered Member

    Joined:
    Jan 26, 2007
    Posts:
    462
    I know about Hushmail, but PGP!?

    Can you provide a link, please?
     
  7. roady

    roady Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    262
    Last edited: Jan 9, 2011
  8. katio

    katio Guest

    "Real" software backdoors apparently are few and far between. I wouldn't count PGP and hushmail to them in the classical sense. The rest mentioned so far is only speculation, conspiracy theory or worse.
    Here's one that fits the definition:
    http://lwn.net/Articles/418478/
    an detected attemp:
    http://kerneltrap.org/node/1584
    and the most famous paper on backdoors in history:
    http://cm.bell-labs.com/who/ken/trust.html
    a good blog post on hardware backdoors:
    http://blog.ksplice.com/2010/10/hosting-backdoors-in-hardware/
    CPU backdoors:
    http://theinvisiblethings.blogspot.com/2009/06/more-thoughts-on-cpu-backdoors.html

    In a wider sense the good old hardware keyloggers and wiretraps could be counted.
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Would it be considered a back door when an antivirus whitelists a commercial keylogger?
     
  10. katio

    katio Guest

    If they hide that fact, I guess so. It's not a classical backdoor (hidden remote access left after the initial break-in as a way back) but comes pretty close and there's no other category that would fit better.
     
  11. tlu

    tlu Guest

  12. katio

    katio Guest

    @tlu: That "backdoor" is in the PGP _disk encryption_. Alternatives are Truecrypt, cryptsetup, DiskCryptor...
     
  13. tlu

    tlu Guest

    Ah, thanks. I was inattentive. AFAIR there had been also rumors about an NSA backdoor in PGP some years ago, though.
     
  14. Warlockz

    Warlockz Registered Member

    Joined:
    Oct 30, 2008
    Posts:
    642
    Their is not a backdoor in PGP period!

    You should actually read the links you shared, because neither has info or proof their is a backdoor in PGP!

    http://securology.blogspot.com/2007/10/pgp-whole-disk-encryption-barely.html

    How is this a backdoor? o_O
     
    Last edited: Jan 12, 2011
  15. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    I bet Skype has a back door now.
     
  16. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Skype was down the other day. I know that they and others have been requested to add a back door. I would be surprised if they have not. Skype is U.K., right?

    But I wonder. If a person was using portable skype, not installed, ran it only after firing up a VPN, opened it up and ran it sandboxed with Sandboxie, then deleted the Sandbox, what could be done with that back door? just curious.
     
  17. katio

    katio Guest

    Only hypothetically of course...
    Skype records all calls and connection data, forwards that to LEA, they go after your contacts who likely didn't use the same precautions and "kindly" ask where you are living...
    You get a nice visit from the SWAT team :p

    But really if there is a backdoor it's not geolocation but in the crypto. Even if all contacts connect over multiple VPNs or heavier anonymity (because for LEA with one VPN your identity is just one subpoena away) there's much to be learned from eavesdropping on the connection, including identity and whereabouts.
     
  18. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    I remember reading a while back that at some tech conference an NSA representative told the attendees that NSA is offering "billions" to any corporation or entity that can give them access to Skype communications. This would make sense -- all they have to do is buy their way into Skype. Since Skype is owned by E-bay, the NSA can just strong arm Ebay into putting in a backdoor (and with an offer of a lot of money).

    Edit: here's the article.
     
  19. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    If Skype is in the U.K. aren't they obligated to do something like this by default?
     
  20. Countermail

    Countermail Registered Member

    Joined:
    Aug 7, 2009
    Posts:
    167
    Location:
    Sweden
  21. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,301
    Location:
    Oz
    Thanks for that.
     
  22. SteveTX

    SteveTX Registered Member

    Joined:
    Mar 27, 2007
    Posts:
    1,641
    Location:
    TX
    I would like to nominate Windows 7 and later as a backdoored OS

    Windows 7 and later give Microsoft the ability to remotely and silently add certificate authorities to your OS. This means undetectable Man-In-The-Middle attacks across every website and every service.

    The real issue here is trusting Certificate Authorities, which are how SSL certs and https and other items are validated as "legit" or fake.

    Further, I can confirm that this is the case and that governments, especially the US, are doing this. How do I know? Simple: intelligence product vendors are now offering DPI/MITM devices that work seamlessly at 40 Gbps speeds (internet backbone), and all you have to do is insert your strongarmed SSL certificate and it does the rest. There is no other legitimate reason for such a device to exist.

    Now you may ask yourself, are these "trustworthy" Certificate Authorities, which are built into your OS, really complicit participants? Well, when I visited China, we saw valid but fake SSL certificates for Apple issued by the most trusted ssl certificate vendor on the planet.

    For more information on Microsoft's backdoor, and the pitfalls of SSL and trust, please read Certified Lies: Detecting and Defeating Government Interception Attacks Against SSL.
     
    Last edited: Jan 29, 2011
  23. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ SteveTX

    Thanks for the info & PDF link :thumb: Long read, but i will do it :)

    Glad i'm on XP with NO updates :D
     
  24. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Yes, i still have several machines with XP Pro, and I don't plan on ditching XP ever unless they quit issuing security patches for it.
     
  25. Cutting_Edgetech

    Cutting_Edgetech Registered Member

    Joined:
    Mar 30, 2006
    Posts:
    4,953
    Location:
    USA
    Very nice literature to add my my collection on privacy, and anonymity. I'm reading though it now. Thanks for the post!
     
Loading...
Thread Status:
Not open for further replies.