Computing > General Computing

"Back-Doors" in most Software!

(1/3) > >>

GlennSprigg:
I'm reminded of a very old, but REAL example of internal banking fraud, where a programmer set something up to deduct just 1-Cent
from accounts, during all personal transactions made by all bank members, and placed them in the highest alphabetical named account
without actually having to code in that name. Was only found out, when some innocent person opened an account which was higher
alphabetically, and started getting money piled in!  Who would miss 1-Cent!  Coders can do anything really, but better checks are in place now.

Anyway... When Pub 'Pokie' machines were first introduced here in Australia, decades ago, I remember first-hand observing certain gangs of
people, under one persons control, and a notebook, would repeatedly send people to certain machines, who would always come back shortly
with quite a bit of cash to hand over to him, before being sent off to other machines. They would make it look like they were 'loosing' for a
while... What they were doing though, is finally hitting a complex sequence of buttons, a certain amount of times, that would always result in
a substantial payout. The Machines are basically a computer!, and there was hidden coding, to achieve  those results! (Not mech machines!).

Also, when I was a Tech, and not working FOR, but with, specialist Elevator Techs at times, they often showed me 'tricks' of their Trade!! 
Now this didn't make any money as such, but allowed them to do certain 'sneaky things'. I won't say what various companies/brands did this,
and will not divulge the 'true' codes... However, it involved doing things 'like' hitting the 'door-close' button 20 times in 20 seconds, and then
hitting the Floor that you want.  It would cancel ALL other calls, (from 4 to 30 floors or what ever!), and take you express to what you want!   8)
The POINT being, here, that as most things are computer controlled now, programmers can do almost anything!!

dave j:
The button controlled traffic lights/pedestrian crossings in the UK, at least the bit of it I'm in, used to have double click to change immediately. Sadly someone's removed that feature now.

Rerouter:
If you know enough about most systems, you usually end up finding all the left over debug, commisioning self test, and maintainance things, sometimes it gives you more access, but a lot of the time your still in walled garden land in that it was an intentional function of the program that atleast maintainance was intended to access, and usually does not let you over-ride or setup new functions in the program,

Its like in a lot of cars, if you turn to ignition while holding down the trip meter button you can get into a diagnostic menu, usually just for the cluster, but sometimes able to trigger self test modes for various modules in the car,

In certain radios holding the right keys when turned to accesory following a battery disconnection brings up a factory test mode,

Phones can be booted into diagnostic menus by holding the right button combination,

mikerj:

--- Quote from: GlennSprigg on May 30, 2021, 12:18:54 pm ---I'm reminded of a very old, but REAL example of internal banking fraud, where a programmer set something up to deduct just 1-Cent
from accounts, during all personal transactions made by all bank members, and placed them in the highest alphabetical named account
without actually having to code in that name. Was only found out, when some innocent person opened an account which was higher
alphabetically, and started getting money piled in!  Who would miss 1-Cent!  Coders can do anything really, but better checks are in place now.

--- End quote ---

That's the plot of Superman 3

R-star:
These days, the backdoors are by law, everywhere.

Lets take VPN companies, these are not technically "backdoors", but they illustrate the situation better.
When you are shopping for VPN, many of them will promise to "keep no logs". This is a lie. All of them, in most of the world, will keep those logs and gladly relay them to the authorities in both cases, if you are a true predator and equally the same if you are simply a dissident ready to put a face on a major government figure who is a true predator and is involved in high crimes.
These companies are legally allowed to lie to us. Just the same as Cops.

Funny story, but once I was in a "hot" cafe. You know, where you buy coffee and the waitresses are all 20 yo cuties in their birth suits.
I was new in that particular one, and the girls didn't know me. So, two of the cuties sat down with me and tried to figure out if I am a cop being there to close the establishment or not. I tried to explain, that one may not prove that he is "not something". If I was a cop, I could show them my ID. But since I wasn't, there was nothing I could do, or show, well, at least while remaining a gentleman. So, they demanded me to swear I am not a cop. Lol. This got to teach you something about life! The girls believed the old street story designed for the stupid, that the cop may not lie if asked. Of course he can, it is his job. And the judge will laughter at you for believing that story.

Anyway, these VPN companies are instructed to lie to us. They are specifically excluded from prosecution if ever sued for this. 9 eyes, 14 eyes, look it up. More over, if authorities came to them and installed any additional equipment to record or filter their traffic, these companies are prevented from uttering a single word about it. By law. That's what we had the 9-11 for.

So, back to the backdoors. They are everywhere, by law.

Windows:
Why do you think you constantly receiving the "security updates"? These packages are the backdoor / surveillance components and patches. Some a new "holes" that need to be put to use, others are patches and fixes for the existing backdoors that have stopped working because people and software authors constantly change the playing field. This is precisely why these packages are not open source.

Motherboard:
Say you don't even use windows. It's OK. There are plenty of chips onboard, that provide backdoors, to the OS you are running, to your encrypted key storage, to sensors and surveillance units such as camera and microphone. It is on such a low level, that even the engineers that work with those chips refer to these software (firmware) components as "proprietary blobs" that are "simply there".
There is no way to disconnect or to switch off any of this. The companies that design these hardware components, are all required by law to do it on the "OK principle": If you ever get any choice it is between pressing the OK button or not pressing it, the result is the same. Most of the time, if you somehow omit the driver or otherwise make the surveillance component disabled, then the computer wont work at all, by design. The driver running these things is shared with some other important component, and you either get both working or none.

Echo, Alexa, IoT, Suri... nothing to explain here.

Take browsers. Same thing, why the incessant race to the new version? :) Of course, it is the security. It is all for your benefit.
This is why you have less and less choice about those updates. If you do not, the company will make sure you will quickly become incompatible and unable to use it. And how you become incompatible? They tell us it is because the new code doesn't support your old stuff. Yes, in some cases. But in absolute majority of cases, the resource will simple refuse to serve you properly based on your version, or there is more and more often a bit in the data that you receive, that you are flagged as incompatible, so your own software that used to work with the same data before, now will not, or will work purposefully slow.

An experiment. Build a computer, and completely break the updates. This is the one computer that will never ever be hacked into, for years and years, while many other online-updated-hourly would be compromised.

Same thing with phones. If you root and install a custom ROM (while you still be spied on thru backdoors), this will be the one phone never hacked, even though you are the root and your bootlocker is not checking the signatures. It is exactly opposite to what they try to make us to believe.

Single autonomous talented hackers simply won't be after you, and the government hacking departments are relying on their established tools and backdoors, and are nothing to do with talent, they can't really do anything with a custom combination, especially if you are way behind the times (this is why they urge us to always be up to date) - because youngsters hate old hardware and rather die than learn something from their father days. They'll have a thousand and one way to ghost remote into Windows 10 in a minute, yet, they will fail to even find a control panel in Windows 98 with a mouse in hand.

Apple is all a spyware by design and there is no question about it. You're not even allowed to check. You are encouraged to believe. From time to time they will publicly "refuse" to hand down the information or the access to someone's phone, while they have already done so behind the closed doors. But it makes us think that Apple must be more powerful than the government. Right.

Androids? Same issue, the proprietary blobs of code that no one knows exactly what it contains. The backdoors are on a low level too.
Google spies on you? True! This is the only reason they created all of their services. But, lets say, that you remove Google (de-googled it).
Lets say you have wiped it clean, rooted, never even installed anything google, and loaded up something like Lineage OS, which is an open source project. But those binary blobs on the one level above bare metal, those things will remain.
For instance, if you go to HTC website to get a S-OFF on your phone and obtain an ability to modify your system partition with persistent changes, it will still not apply that unlock to guess what, right, the radio. Because if it did, you could possibly load the radio version that does not cooperate with the government spoofed signal that lets them monitor everything you do by pretending to be a real commercial cell tower. Their excuse? Not that it is important, just hilarious: because if they unlocked the radio you could wrongly flash it and bootloop or brick your phone! HAHAHAHAHA! As if there is no way you could do that already? But just the principle, the idea suggested if offensive to anyone who thinks, - are we supposed to believe that they care about us? Give me a break!

Backdoors? Yeah.

Only one thing remains. Turn it off, remove all power sources (this is why they started to design phones with non-removable batteries, you think it is off, but it really isn't). So, once the power is removed, still, place the damn thing in a metal box. Now, it is dark for good. Mr Faraday took care of it.

And if you want to "properly" dispose of a phone, don't just throw it out of a car, like some movie star, you have to burn it hot enough to melt every chip inside. Smashing it with a hammer does nothing anymore. Terminator style, lol, I mean fe2o3 + al. Once it is gone liquid, it is gone for good.

If you need a burner, don't use your own phone, always someone else's and never twice, have your own dark when you do so, don't use any actual devices sold as "burners". Code your talk, so you never actually say what you want to convey, the other side must know the meaning. Burners are mostly tracked by the connections (calls) you make, they compile a database and calculate who everyone is. So, if you never use your phone and neither does your party, you are somewhat safe, as long as you don't repeat or start talking in a straight language.

Navigation

[0] Message Index

[#] Next page

There was an error while thanking
Thanking...
Go to full version