What happens when the security state cannot count on its own software to be secure?

 Barn Door

Root backdoor found in surveillance gear used by law enforcement | 
[Via Ars Technica]

Software used by law enforcement organizations to intercept the communications of suspected criminals contains a litany of critical weaknesses, including an undocumented backdoor secured with a hardcoded password, security researchers said today.

In a scathing advisory published Wednesday, the researchers recommended people stop using the Nice Recording eXpress voice-recording package. It is one of several software offerings provided by Ra’anana, Israel-based Nice Systems, a company that markets itself as providing “mission-critical lawful interception solutions to support the fight against organized crime, drug trafficking and terrorist activities.” The advisory warned that critical weaknesses in the software expose users to attacks that compromise investigations and the security of the agency networks.

[More]

So their own software for collecting wiretaps was so insecure that it had a hardcoded backdoor password for an account that was invisible to the police. Allowing root access to everything.

How’s that feel? The security state can not only secretly record our calls but, if using insecure software, could allow just about anyone lese who knew the backdoor to grab the information.

When are corporations going to become worried about industrial spying being a natural outgrowth (and an increasing one) of the security state as we descend into true totalitarianism?


Advertisements