The backdoor, known for years by vendors that sold the technology but not necessarily by customers, exists in an encryption algorithm baked into radios sold for commercial use in critical infrastructure.
But I was told that closed-source is more secure, surely nobody lied when they said that
Anyone saying that is definitely wrong, it is neither more secure or less secure just on the basis that it is closed or open source. There are processes that all types of software must take to ensure there are limited vulnerabilities. Security audits, pen testing, code scanning, etc.
To add to this, in this case there is even some rationale for being closed source - given the critical nature of the code, less visibility means availability to examine it for exploit opportunities. But that’s just one side of it, right? Open source might mean more opportunities to find and fix possible exploits as well.
There is some security to obscurity, but I’d argue that the more prevalent a system is the more having visible source adds security. When it comes to unscrupulous behavior by vendors - like those who would embed backdoors in communications element - shining light on the farm corners of their code definitely provides some security.
At the very least, if the company that supplies a product goes under, there’s a better possibility of getting a new vendor to support or patch it if they can actually get their hands on the source.
It won’t load for me, tl;dr anyone?
deleted by creator
It’s in a radio standard that’s used in Europe, and the backdoor apparently exists in multiple radios from different vendors which use the standard. Here is direct link to the article, which seems to work for me https://www.wired.com/story/tetra-radio-encryption-backdoor/
deleted by creator
I have no idea what it’s in, what it was sold as, whether it’s widespread or not. I don’t know what the company or companies are or were named. The tl;dr you reference has no useful information.
Ironic for that webpage
Might be related, Archive.today has this strange configuration where you can’t connect to their sites if you use a DNS server that don’t send EDNS Client Subnet (e.g. cloudflare dns 1.1.1.1).
It wont load for me either.