Top links

Monday, December 27, 2010

What is Traitorware? - Technology that secretly spies on you



Your digital camera may embed metadata into photographs with the camera's serial number or your location. Your printer may be incorporating a secret code on every page it prints which could be used to identify the printer and potentially the person who used it. Your web browser may report your Internet surfing information to some ghost remote machine without your notice, stealing your usernames / passwords to spy on you through automated bots. If Apple puts a particularly creepy patent it has recently applied for into use, you can look forward to a day when your iPhone may record your voice, take a picture of your location, record your heartbeat, and send that information back to the mothership. This is traitorware: devices that act behind your back to betray your privacy.

Perhaps the most notable example of traitorware was the Sony rootkit. In 2005 Sony BMG produced CD's which clandestinely installed a rootkit onto PC's that provided administrative-level access to the users' computer. The copy-protected music CD’s would surreptitiously install its DRM technology onto PC’s. Ostensibly, Sony was trying prevent consumers from making multiple copies of their CD’s, but the software also rendered the CD incompatible with many CD-ROM players in PC’s, CD players in cars, and DVD players. Additionally, the software left a back door open on all infected PC’s which would give Sony, or any hacker familiar with the rootkit, control over the PC. And if a consumer should have the temerity to find the rootkit and try to remove the offending drivers, the software would execute code designed to disable the CD drive and trash the PC.


Traitorware is sometimes included in products with less obviously malicious intent. Printer dots were added to certain color laser printers as a forensics tool for law enforcement, where it could help authenticate documents or identify forgeries. Apple’s scary-sounding patent for the iPhone is meant to help locate and disable the phone if it is lost or stolen. Don’t let these good intentions fool you! Software that hides itself from you while it gives your personal data away to a third party is dangerous and dishonest. As the Sony BMG rootkit demonstrates, it may even leave your device wide open to attacks from third parties.

The most recent example of traitorware is Google's famous browser Chrome that keeps on "updating" even when the browser is up-to-date. It installs a separate updater service on the client computer which remains active even when the browser is not open. And interestingly, you will never find this cute little updater service silent on the network! As it was exposed by a well known TV anchor Alex Jones, Google has been affiliated with CIA and NSA(National Security Agency) for the last many years and they are providing their "services" worldwide free of cost just for the sake of keeping an eye on everyone. This is the only reason why China blasted Google and banned its website network as well as its products inside China. But outside China, Google is running wild with its Online Office and other "handy" tools and violating its users' privacy.


There are several such applications even built into some of the most commonly used operating systems such as Microsoft Windows, which claim to "report user experience to the company for improvement of product and services" but behind the scene, the user's privacy is completely compromised. Traitorware is not some science-fiction vision of the future. It is the present. Indeed, the Sony rootkit dates back to 2005. Apple’s patent application indicates that we are likely to see more traitorware on the horizon. When that happens, EFF will be there to fight it. We believe that your software and devices should not be a tool for gathering your personal data without your explicit consent. As a safety measure, always DISCONNECT your computer from internet while working on sensitive data and it would be even better if you use an external storage device for your critical private data to ensure privacy.
Enticing Fury
Pakistan Cyber Force

No comments:

Post a Comment