EU: These are scary times – let’s backdoor encryption and make everyone unsafe!

The EU has shared its plans to ostensibly keep the continent’s denizens secure – and among the pages of bureaucratese are a few worrying sections that indicate the political union wants to backdoor encryption by 2026, or even sooner. While the superstate has made noises about backdooring encryption before, the ProtectEU plan [PDF], launched on Read more about EU: These are scary times – let’s backdoor encryption and make everyone unsafe![…]

A Win for human rights: France Rejects Backdoor Mandate

In a moment of clarity after initially moving forward a deeply flawed piece of legislation, the French National Assembly has done the right thing: it rejected a dangerous proposal that would have gutted end-to-end encryption in the name of fighting drug trafficking. Despite heavy pressure from the Interior Ministry, lawmakers voted Thursday night (article in Read more about A Win for human rights: France Rejects Backdoor Mandate[…]

Undocumented commands (backdoor) found in ESP32 Bluetooth chip used by a billion devices

Update 3/9/25: After receiving concerns about the use of the term ‘backdoor’ to refer to these undocumented commands, we have updated our title and story. Our original story can be found here. The ubiquitous ESP32 microchip made by Chinese manufacturer Espressif and used by over 1 billion units as of 2023 contains undocumented commands that could Read more about Undocumented commands (backdoor) found in ESP32 Bluetooth chip used by a billion devices[…]

Apple Says ‘No’ to UK Backdoor Order, Will Just Disable E2E Cloud Encryption Instead

Good work, Britain. Owners of Apple devices in the United Kingdom will be a little less safe moving forward as the company pulls its most secure end-to-end (E2E) encryption from the country. The move is in response to government demands there that Apple build a backdoor into its iCloud encryption feature that would allow law Read more about Apple Says ‘No’ to UK Backdoor Order, Will Just Disable E2E Cloud Encryption Instead[…]

Magic packet Backdoor found on Juniper VPN routers

Someone has been quietly backdooring selected Juniper routers around the world in key sectors including semiconductor, energy, and manufacturing, since at least mid-2023. The devices were infected with what appears to be a variant of cd00r, a publicly available “invisible backdoor” designed to operate stealthily on a victim’s machine by monitoring network traffic for specific Read more about Magic packet Backdoor found on Juniper VPN routers[…]

In massive U-turn, FBI Warns Americans to Start Using Encrypted Messaging Apps, after discovering the problem with backdoors

America’s top cybersecurity and law enforcement officials made a coordinated push Tuesday to raise awareness about cyber threats from foreign actors in the wake of an intrusion of U.S. telecom equipment dubbed Salt Typhoon. The hackers are linked to the Chinese government and they still have a presence in U.S. systems, spying on American communications, Read more about In massive U-turn, FBI Warns Americans to Start Using Encrypted Messaging Apps, after discovering the problem with backdoors[…]

Chinese 3x ISP hack shows why world is right about security backdoors and politicians and security people who want them are idiots

It was revealed this weekend that Chinese hackers managed to access systems run by three of the largest internet service providers (ISPs) in the US. What’s notable about the attack is that it compromised security backdoors deliberately created to allow for wiretaps by US law enforcement … […] Apple famously refused the FBI’s request to Read more about Chinese 3x ISP hack shows why world is right about security backdoors and politicians and security people who want them are idiots[…]

1.3 million Android-based TV boxes backdoored; researchers still don’t know how

Researchers still don’t know the cause of a recently discovered malware infection affecting almost 1.3 million streaming devices running an open source version of Android in almost 200 countries. Security firm Doctor Web reported Thursday that malware named Android.Vo1d has backdoored the Android-based boxes by putting malicious components in their system storage area, where they Read more about 1.3 million Android-based TV boxes backdoored; researchers still don’t know how[…]

Crooks plant backdoor in software used by courtrooms around the world

A software maker serving more than 10,000 courtrooms throughout the world hosted an application update containing a hidden backdoor that maintained persistent communication with a malicious website, researchers reported Thursday, in the latest episode of a supply-chain attack. The software, known as the JAVS Viewer 8, is a component of the JAVS Suite 8, an Read more about Crooks plant backdoor in software used by courtrooms around the world[…]

European human rights court says backdooring encrypted comms is against human rights

The European Court of Human Rights (ECHR) has ruled that laws requiring crippled encryption and extensive data retention violate the European Convention on Human Rights – a decision that may derail European data surveillance legislation known as Chat Control. The Court issued a decision on Tuesday stating that “the contested legislation providing for the retention Read more about European human rights court says backdooring encrypted comms is against human rights[…]

FBI Director Admits Agency Rarely Has Probable Cause When It Performs Backdoor Searches Of NSA Collections

After years of continuous, unrepentant abuse of surveillance powers, the FBI is facing the real possibility of seeing Section 702 curtailed, if not scuttled entirely. Section 702 allows the NSA to gather foreign communications in bulk. The FBI benefits from this collection by being allowed to perform “backdoor” searches of NSA collections to obtain communications Read more about FBI Director Admits Agency Rarely Has Probable Cause When It Performs Backdoor Searches Of NSA Collections[…]

Backdoored Firmware Lets China State Hackers Control Routers With ‘Magic Packets’

Hackers backed by the Chinese government are planting malware into routers that provides long-lasting and undetectable backdoor access to the networks of multinational companies in the US and Japan, governments in both countries said Wednesday. The hacking group, tracked under names including BlackTech, Palmerworm, Temp.Overboard, Circuit Panda, and Radio Panda, has been operating since at Read more about Backdoored Firmware Lets China State Hackers Control Routers With ‘Magic Packets’[…]

North Korean hackers put backdoors in Russian hypersonic missile maker computers

Reuters found cyber-espionage teams linked to the North Korean government, which security researchers call ScarCruft and Lazarus, secretly installed stealthy digital backdoors into systems at NPO Mashinostroyeniya, a rocket design bureau based in Reutov, a small town on the outskirts of Moscow. Reuters could not determine whether any data was taken during the intrusion or Read more about North Korean hackers put backdoors in Russian hypersonic missile maker computers[…]

TETRA Military and Police Radio Code Encryption Has a Flaw: A built in Backdoor

For more than 25 years, a technology used for critical data and voice radio communications around the world has been shrouded in secrecy to prevent anyone from closely scrutinizing its security properties for vulnerabilities […] The backdoor, known for years by vendors that sold the technology but not necessarily by customers, exists in an encryption Read more about TETRA Military and Police Radio Code Encryption Has a Flaw: A built in Backdoor[…]

Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor for updates

[…] Researchers at firmware-focused cybersecurity company Eclypsium revealed today that they’ve discovered a hidden mechanism in the firmware of motherboards sold by the Taiwanese manufacturer Gigabyte, […] the hidden code is meant to be an innocuous tool to keep the motherboard’s firmware updated, researchers found that it’s implemented insecurely, potentially allowing the mechanism to be Read more about Millions of Gigabyte Motherboards Were Sold With a Firmware Backdoor for updates[…]

Disabling Intel and AMD’s Backdoors On Modern computers

Despite some companies making strides with ARM, for the most part, the desktop and laptop space is still dominated by x86 machines. For all their advantages, they have a glaring flaw for anyone concerned with privacy or security in the form of a hardware backdoor that can access virtually any part of the computer even Read more about Disabling Intel and AMD’s Backdoors On Modern computers[…]

Planting Undetectable Backdoors in Machine Learning Models

[…] We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key,” the mechanism is hidden and Read more about Planting Undetectable Backdoors in Machine Learning Models[…]

Spinning Language Models: backdooring AI learning to output propaganda

We investigate a new threat to neural sequence-to-sequence (seq2seq) models: training-time attacks that cause models to “spin” their outputs so as to support an adversary-chosen sentiment or point of view — but only when the input contains adversary-chosen trigger words. For example, a spinned summarization model outputs positive summaries of any text that mentions the Read more about Spinning Language Models: backdooring AI learning to output propaganda[…]

Planting Undetectable Backdoors in Machine Learning Models

We show how a malicious learner can plant an undetectable backdoor into a classifier. On the surface, such a backdoored classifier behaves normally, but in reality, the learner maintains a mechanism for changing the classification of any input, with only a slight perturbation. Importantly, without the appropriate “backdoor key”, the mechanism is hidden and cannot Read more about Planting Undetectable Backdoors in Machine Learning Models[…]

FBI paid renegade developer $180k for backdoored AN0M chat app that brought down drug underworld

The FBI has revealed how it managed to hoodwink the criminal underworld with its secretly backdoored AN0M encrypted chat app, leading to hundreds of arrests, the seizure of 32 tons of drugs, 250 firearms, 55 luxury cars, more than $148M, and even cocaine-filled pineapples. About 12,000 smartphones with AN0M installed were sold into organized crime Read more about FBI paid renegade developer $180k for backdoored AN0M chat app that brought down drug underworld[…]

EU Takes Another Small Step Towards Trying To Ban Encryption; New Paper Argues Tech Can Backdoor Encryption Safely. It can’t.

In September, we noted that officials in the EU were continuing an effort to try to ban end-to-end encryption. Of course, that’s not how they put it. They say they just want “lawful access” to encrypted content, not recognizing that any such backdoor effectively obliterates the protections of end-to-end encryption. A new “Draft Council Resolution Read more about EU Takes Another Small Step Towards Trying To Ban Encryption; New Paper Argues Tech Can Backdoor Encryption Safely. It can’t.[…]

NSA: foreign spies used one of our crypto backdoors – we learnt some lessons but we lost them

It’s said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software. However, curiously enough, the NSA has been unable to find a copy of that report. On Wednesday, Reuters reporter Joseph Menn published an account Read more about NSA: foreign spies used one of our crypto backdoors – we learnt some lessons but we lost them[…]

Five Eyes governments, India, and Japan make new call for encryption backdoors – insist that democracy is an insecure police state

Members of the intelligence-sharing alliance Five Eyes, along with government representatives for Japan and India, have published a statement over the weekend calling on tech companies to come up with a solution for law enforcement to access end-to-end encrypted communications. The statement is the alliance’s latest effort to get tech companies to agree to encryption backdoors. Read more about Five Eyes governments, India, and Japan make new call for encryption backdoors – insist that democracy is an insecure police state[…]

Backdoorer the Xplora: Kids’ smart-watches can secretly take pics, record audio on command by encrypted texts

The Xplora 4 smartwatch, made by Chinese outfit Qihoo 360 Technology Co, and marketed to children under the Xplora brand in the US and Europe, can covertly take photos and record audio when activated by an encrypted SMS message, says Norwegian security firm Mnemonic. This backdoor is not a bug, the finders insist, but a Read more about Backdoorer the Xplora: Kids’ smart-watches can secretly take pics, record audio on command by encrypted texts[…]

The secret behind “unkillable” Android backdoor called xHelper has been revealed

In February, a researcher detailed a widely circulating Android backdoor that’s so pernicious that it survives factory resets, a trait that makes the malware impossible to remove without taking unusual measures. The analysis found that the unusual persistence was the result of rogue folders containing a trojan installer, neither of which was removed by a Read more about The secret behind “unkillable” Android backdoor called xHelper has been revealed[…]