Earlier this week at the 30th annual Chaos Communication Congress, Dell, among other US based tech firms, was accused of leaving deliberate backdoors in its software and hardware, to make it easier for the NSA to install malware and viruses on the machines and gain access to the information stored on them. This affects consumer hardware as much as enterprises, suggesting that many of the world’s computers could be lifting their digital skirts to the US for less than silver dollar. In response to consumer concerns about this, Dell has apologised, poorly.
“Thanks,” said one tech-head via a Tweet to Dell earlier this week. “I just found out my Dell server has NSA bug in Rand BIOS.”
“Thanks you for reaching out and regret the inconvenience,” it said. “Our colleagues at @DellCaresPro will be able to help you out.”
The news of the potential hacks and backdoors was released by security researcher Jacob Appelbaum, who said in his conclusion that he hoped Dell and other companies would fess up to what they’d done and make it easy for people to secure their hardware against future NSA snooping. At the very least, he hoped that Dell would let people know if they could possibly be affected by one of the seemingly deliberate flaws.
Dell wasn’t the only company he went after though. Apple was also on the list of companies that the NSA had no problem accessing the hardware of. It isn’t clear whether Apple colluded with the NSA to make the backdoors, or if it is just negligent, but there’s said to be enough flaws in the system that the NSA has carte blanche when it comes to the company’s hardware.
“Apple has never worked with the NSA to create a backdoor in any of our products, including iPhone,” was the company’s official response on the matter. Though that does leave plenty of room for deliberately allowing the NSA to create and install it’s own backdoors. Turning a blind eye is a lot easier than collusion.
KitGuru Says: Microsoft and many other companies have also denied working directly with the NSA, though when you consider the fact that by law they weren’t allowed to talk about the data sharing programs that we heard about earlier this year, it wouldn’t be surprising if they simply weren’t allowed to admit to backdoor creation either.