英語(yǔ)閱讀 學(xué)英語(yǔ),練聽(tīng)力,上聽(tīng)力課堂! 注冊(cè) 登錄
> 輕松閱讀 > 雙語(yǔ)閱讀 >  內(nèi)容

中國(guó)公司被指在安卓手機(jī)留“后門(mén)”

所屬教程:雙語(yǔ)閱讀

瀏覽:

2016年11月18日

手機(jī)版
掃描二維碼方便學(xué)習(xí)和分享

WASHINGTON — For about $50, you can get a smartphone with a high-definition display, fast data service and, according to security contractors, a secret feature: a backdoor that sends all your text messages to China every 72 hours.

華盛頓——花大約50美元(約合340元人民幣),你就可以買(mǎi)到一部帶有高清顯示和快速數(shù)據(jù)服務(wù)的智能手機(jī)。從事信息安全工作的承包商說(shuō),這種手機(jī)還有一種秘密功能:它有一個(gè)后門(mén),會(huì)每隔72小時(shí)就把你所有的短信都發(fā)送到中國(guó)。

Security contractors recently discovered preinstalled software in some Android phones that monitors where users go, whom they talk to and what they write in text messages. The American authorities say it is not clear whether this represents secretive data mining for advertising purposes or a Chinese government effort to collect intelligence.

從事安全工作的承包商最近在一些安卓(Android)手機(jī)上發(fā)現(xiàn)了預(yù)裝軟件,這種軟件監(jiān)視用戶(hù)去過(guò)哪里,他們與什么人聊過(guò)天,他們?cè)诙绦胖袑?xiě)了什么。美國(guó)當(dāng)局表示,尚不清楚這是一種為了廣告目的而秘密進(jìn)行的數(shù)據(jù)挖掘,還是一種中國(guó)政府收集情報(bào)的努力。

International customers and users of disposable or prepaid phones are the people most affected by the software. But the scope is unclear. The Chinese company that wrote the software, Shanghai Adups Technology Company, says its code runs on more than 700 million phones, cars and other smart devices. One American phone manufacturer, BLU Products, said that 120,000 of its phones had been affected and that it had updated the software to eliminate the feature.

受這種軟件影響最大的是國(guó)際客戶(hù)、臨時(shí)手機(jī)用戶(hù)以及預(yù)付話費(fèi)的用戶(hù)。但還不清楚其影響范圍有多大。這個(gè)軟件是中國(guó)的上海廣升信息技術(shù)有限公司(Adups)編寫(xiě)的,該公司稱(chēng)其代碼在超過(guò)七億部手機(jī)、汽車(chē)和其他智能設(shè)備上運(yùn)行。美國(guó)手機(jī)制造商BLU產(chǎn)品公司表示,其12萬(wàn)部手機(jī)受到影響,公司已更新了軟件,刪除了這個(gè)功能。

Kryptowire, the security firm that discovered the vulnerability, said the Adups software transmitted the full contents of text messages, contact lists, call logs, location information and other data to a Chinese server. The code comes preinstalled on phones and the surveillance is not disclosed to users, said Tom Karygiannis, a vice president of Kryptowire, which is based in Fairfax, Va. “Even if you wanted to, you wouldn’t have known about it,” he said.

發(fā)現(xiàn)該漏洞的信息安全公司Kryptowire說(shuō),廣升的軟件將短信的全文、聯(lián)系人名單、通話記錄、位置信息,以及其他數(shù)據(jù)傳輸?shù)揭粋€(gè)中國(guó)的服務(wù)器上去。Kryptowire副總裁湯姆·卡拉吉安尼斯(Tom Karygiannis)說(shuō),代碼是預(yù)裝在手機(jī)上的,但沒(méi)有向用戶(hù)披露這種監(jiān)視功能,Kryptowire公司位于弗吉尼亞州的費(fèi)爾法克斯。“即使你想知道,你也不可能知道有這個(gè)東西,”他說(shuō)。

Security experts frequently discover vulnerabilities in consumer electronics, but this case is exceptional. It was not a bug. Rather, Adups intentionally designed the software to help a Chinese phone manufacturer monitor user behavior, according to a document that Adups provided to explain the problem to BLU executives. That version of the software was not intended for American phones, the company said.

雖然信息安全專(zhuān)家經(jīng)常在消費(fèi)者電子產(chǎn)品中發(fā)現(xiàn)漏洞,但這次的情況很特別。這不是一個(gè)程序錯(cuò)誤。相反,據(jù)廣升向BLU高管提供的解釋這個(gè)問(wèn)題的文件,廣升有意設(shè)計(jì)了這個(gè)軟件,以幫助中國(guó)手機(jī)制造商監(jiān)視用戶(hù)行為。廣升表示,帶有上述功能的軟件版本原本不是為美國(guó)手機(jī)寫(xiě)的。

“This is a private company that made a mistake,” said Lily Lim, a lawyer in Palo Alto, Calif., who represents Adups.

“這是家犯了錯(cuò)誤的私人公司,”加利福尼亞州帕洛阿爾托的律師林麗麗(Lily Lim)說(shuō),她是廣升的法律代理。

The episode shows how companies throughout the technology supply chain can compromise privacy, with or without the knowledge of manufacturers or customers. It also offers a look at one way that Chinese companies — and by extension the government — can monitor cellphone behavior. For many years, the Chinese government has used a variety of methods to filter and track internet use and monitor online conversations. It requires technology companies that operate in China to follow strict rules. Ms. Lim said Adups was not affiliated with the Chinese government.

這個(gè)問(wèn)題顯示了處在整個(gè)技術(shù)供應(yīng)鏈中的公司,如何能夠在制造商或用戶(hù)知情或不知情的情況下侵害隱私。它也讓人看到了中國(guó)公司——進(jìn)而延伸到中國(guó)政府——可以監(jiān)視手機(jī)的一種方式。多年來(lái),中國(guó)政府一直在使用各種方法來(lái)過(guò)濾和跟蹤互聯(lián)網(wǎng)的使用,監(jiān)視在線對(duì)話。政府要求在中國(guó)經(jīng)營(yíng)的技術(shù)公司遵守嚴(yán)格的規(guī)則。林麗麗說(shuō),廣升不隸屬于中國(guó)政府部門(mén)。

At the heart of the issue is a special type of software, known as firmware, that tells phones how to operate. Adups provides the code that lets companies remotely update their firmware, an important function that is largely unseen by users. Normally, when a phone manufacturer updates its firmware, it tells customers what it is doing and whether it will use any personal information. Even if that is disclosed in long legal disclosures that customers routinely ignore, it is at least disclosed. That did not happen with the Adups software, Kryptowire said.

這個(gè)問(wèn)題的核心是一種被稱(chēng)為“固件”的特殊類(lèi)型軟件,固件告訴手機(jī)如何進(jìn)行操作。廣升提供的代碼讓公司能遠(yuǎn)程更新其固件,這是一個(gè)用戶(hù)基本上看不到的重要功能。通常,當(dāng)手機(jī)制造商更新其固件時(shí),它會(huì)告訴用戶(hù)做了什么,也會(huì)告訴用戶(hù)它是否將使用個(gè)人信息。盡管用戶(hù)通常對(duì)這種很長(zhǎng)的法律聲明文本毫不關(guān)心,但畢竟告知了用戶(hù)。廣升的軟件則未作有關(guān)聲明,Kryptowire說(shuō)。

According to its website, Adups provides software to two of the largest cellphone manufacturers in the world, ZTE and Huawei. Both are based in China.

據(jù)廣升的網(wǎng)站,該公司向世界上兩家最大的手機(jī)制造商中興和華為提供軟件。這兩家公司都在中國(guó)。

Samuel Ohev-Zion, the chief executive of the Florida-based BLU Products, said: “It was obviously something that we were not aware of. We moved very quickly to correct it.”

位于佛羅里達(dá)州的BLU產(chǎn)品公司的首席執(zhí)行官塞繆爾·奧赫夫-錫安(Samuel Ohev-Zion)說(shuō):“這顯然是我們不知道的事情。我們非常迅速地進(jìn)行了糾正。”

He added that Adups had assured him that all of the information taken from BLU customers had been destroyed.

他補(bǔ)充說(shuō),廣升已向他保證,從BLU客戶(hù)那里獲得的所有信息都已被銷(xiāo)毀。

The software was written at the request of an unidentified Chinese manufacturer that wanted the ability to store call logs, text messages and other data, according to the Adups document. Adups said the Chinese company used the data for customer support.

據(jù)廣升提供的文件,這款軟件是根據(jù)一個(gè)未指明的中國(guó)制造商的要求編寫(xiě)的,該制造商希望軟件有存儲(chǔ)通話記錄、短信消息和其他數(shù)據(jù)的功能。廣升說(shuō),中國(guó)公司使用這些數(shù)據(jù)提供客戶(hù)支持。

Ms. Lim said the software was intended to help the Chinese client identify junk text messages and calls. She did not identify the company that requested it and said she did not know how many phones were affected. She said phone companies, not Adups, were responsible for disclosing privacy policies to users. “Adups was just there to provide functionality that the phone distributor asked for,” she said.

林麗麗說(shuō),該軟件的目的是幫助中國(guó)客戶(hù)識(shí)別垃圾短信和電話。她沒(méi)有給出提這個(gè)要求的公司的名字,并表示不知道有多少手機(jī)受了影響。林麗麗稱(chēng),向用戶(hù)聲明隱私政策的責(zé)任在電話公司,不在廣升。她說(shuō),“廣升只不過(guò)是按照電話分銷(xiāo)商的要求提供功能而已。”

Android phones run software that is developed by Google and distributed free for phone manufacturers to customize. A Google official said the company had told Adups to remove the surveillance ability from phones that run services like the Google Play store. That would not include devices in China, where hundreds of millions of people use Android phones but where Google does not operate because of censorship concerns.

安卓手機(jī)用的軟件是谷歌(Google)開(kāi)發(fā)的,并免費(fèi)提供給手機(jī)制造商按照自己的需要改制。一名谷歌負(fù)責(zé)人表示,公司曾告訴廣升,讓其把監(jiān)視功能從運(yùn)行Google Play商店等服務(wù)的手機(jī)上刪除。但這不會(huì)包括中國(guó)的設(shè)備,雖然中國(guó)有數(shù)億人使用安卓手機(jī),但由于審查的原因,谷歌不在中國(guó)運(yùn)營(yíng)。

Because Adups has not published a list of affected phones, it is not clear how users can determine whether their phones are vulnerable. “People who have some technical skills could,” Mr. Karygiannis, the Kryptowire vice president, said. “But the average consumer? No.”

由于廣升尚未發(fā)布受影響手機(jī)的名單,目前不清楚用戶(hù)如何能確定他們的手機(jī)是否有問(wèn)題。“有點(diǎn)技術(shù)能力的人也許能自己解決,”Kryptowire副總裁卡拉吉安尼斯說(shuō)。“但一般的消費(fèi)者怎么辦?他們沒(méi)有辦法。”

Ms. Lim said she did not know how customers could determine whether they were affected.

林麗麗說(shuō),她不知道用戶(hù)怎樣能確定他們是否受到影響。

Adups also provides what it calls “big data” services to help companies study their customers, “to know better about them, about what they like and what they use and there they come from and what they prefer to provide better service,” according to its website.

廣升還提供被稱(chēng)為“大數(shù)據(jù)”的服務(wù),幫助公司研究其客戶(hù),“更好地了解他們,了解他們喜歡什么、他們使用什么、他們從哪里來(lái),還有他們的喜好,以為他們提供更好的服務(wù),”公司的網(wǎng)站說(shuō)。

Kryptowire discovered the problem through a combination of happenstance and curiosity. A researcher there bought an inexpensive phone, the BLU R1 HD, for a trip overseas. While setting up the phone, he noticed unusual network activity, Mr. Karygiannis said. Over the next week, analysts noticed that the phone was transmitting text messages to a server in Shanghai and was registered to Adups, according to a Kryptowire report.

Kryptowire發(fā)現(xiàn)這個(gè)問(wèn)題的過(guò)程既帶有偶然性,也受到好奇心的驅(qū)使。卡拉吉安尼斯說(shuō),公司的一名研究員為一次海外旅行買(mǎi)了一部便宜的BLU R1 HD手機(jī)。在設(shè)置手機(jī)時(shí),這名研究人員注意到不尋常的網(wǎng)絡(luò)活動(dòng)。據(jù)Kryptowire的報(bào)告,在接下來(lái)的一周里,分析師注意到該手機(jī)在向位于上海的一個(gè)服務(wù)器發(fā)送短信內(nèi)容,該服務(wù)器注冊(cè)在廣升名下。

Kryptowire took its findings to the United States government. It plans to make its report public as early as Tuesday.

Kryptowire已把這一發(fā)現(xiàn)上報(bào)了美國(guó)政府。公司計(jì)劃最早在周二公布其報(bào)告。

Marsha Catron, a spokeswoman for the Department of Homeland Security, said the agency “was recently made aware of the concerns discovered by Kryptowire and is working with our public and private sector partners to identify appropriate mitigation strategies.”

美國(guó)國(guó)土安全部發(fā)言人瑪莎·卡特倫(Marsha Catron)說(shuō),國(guó)土安全部“最近獲悉了Kryptowire發(fā)現(xiàn)的問(wèn)題,正在與我們的公共和私營(yíng)部門(mén)合作伙伴一起確定適當(dāng)?shù)木徑獠呗浴?rdquo;

Kryptowire is a Homeland Security contractor but analyzed the BLU phone independent of that contract.

雖然Kryptowire是一家國(guó)土安全部的承包商,但公司對(duì)BLU手機(jī)的分析是獨(dú)立于政府合同進(jìn)行的。

Mr. Ohev-Zion, the BLU chief executive, said he was confident that the problem had been resolved for his customers. “Today there is no BLU device that is collecting that information,” he said.

BLU首席執(zhí)行官奧赫夫-錫安說(shuō),他確信公司已經(jīng)為客戶(hù)解決了這個(gè)問(wèn)題。“如今已經(jīng)不存在收集這些信息的BLU設(shè)備了,”他說(shuō)。
 


用戶(hù)搜索

瘋狂英語(yǔ) 英語(yǔ)語(yǔ)法 新概念英語(yǔ) 走遍美國(guó) 四級(jí)聽(tīng)力 英語(yǔ)音標(biāo) 英語(yǔ)入門(mén) 發(fā)音 美語(yǔ) 四級(jí) 新東方 七年級(jí) 賴(lài)世雄 zero是什么意思中山市天紫華庭英語(yǔ)學(xué)習(xí)交流群

網(wǎng)站推薦

英語(yǔ)翻譯英語(yǔ)應(yīng)急口語(yǔ)8000句聽(tīng)歌學(xué)英語(yǔ)英語(yǔ)學(xué)習(xí)方法

  • 頻道推薦
  • |
  • 全站推薦
  • 推薦下載
  • 網(wǎng)站推薦