According to The Register, software to control your battery charger via your PC (for whatever reason you may want to do such a thing) has included a back-door which allows for "sending files to the remote attacker or downloading other strains of malware, as instructed via commands on a back channel controlled by hackers" since 2007.
Sure, most people don't care what runs on their PC or where it came from; if you need to go to www.
Here's their press report: http://phx.corporate-ir.net/phoenix.zhtml?c=124138&p=irol-newsArticle&ID=1399675
There is simply no way to validate what happened in the development process of this code, how developers were contracted, who worked on what, how, and why.
Compare this with (say) the Debian GNU/Linux distribution - planet.debian.org contains most of the packagers/developers' grumbles, debian.org/bugs contains the reported bugs, packages.debian.org contains links to source and binary packages included in the distribution - if you want to know what it does, you can find out.
I don't understand the concept that simpler is better when such things are involved - I don't know about you, but some of my PCs store personal financial information, information about customers and their server configurations - all sorts of things that I must not let some random employee of a battery company get their hands on.
Due Diligence must surely require running Free / Open Source Software. This is simply yet another example of this tautology.
Proprietary software has its place (until the revolution, comrades!), but it must come from trusted sources who can certify their work, and will take responsibility for such unforeseen side-effects.