[thowaway959125]

Is this not a national security issue when looked at in a broader scope?

The Chinese company behind this seems to solely target the North American market and makes medical devices, IoT devices, and other things.

According to their homepage, their LA based office employs engineers from "United Bell Lab, Oracle, Motorola and other well-known international companies".

What else are they root-kitting? With this particular Android one they are freely able to brick devices at will, if it was ever necessary.

http://www.teleepoch.com/company.html

[DiabloD3]

This is a national security issue, but I will tell you the most important thing I've discovered: talking about malware, especially when employed against the technically illiterate, as a national security issue will get you attacked online.

People either freak out and shoot the messenger (either because they misunderstand how deep the technical illiteracy goes amongst the aging population or they are a member technical illiterate aging population and resist any effort to be educated), or they directly profit from it (companies that are part of China's spy effort, domestic or foreign), or they're just so goddamned dense they give excuses like "well I've never seen it, so it doesn't exist".

Also, as a side note: we probably should start considering advertising platforms a form of malware as well. Given how many systems run a WebView to display their content, and ad systems run Javascript, and it's a pipedream to ever think Javascript in a browser can ever be made to be secure (even if all it does is leak metadata and perform tracking); ads are, fundamentally, a way to inject malware and should be considered a national security issue.

And yes, I'm aware two of the largest tech companies are ad platforms that have side gigs (Google and Facebook); I, frankly, don't care. If your business revolves around a criminal enterprise that is claimed to be legal purely because of a loophole, then you should go out of business once that loophole is closed.

[matheusmoreira]

> we probably should start considering advertising platforms a form of malware as well

Absolutely! They've been used as malware vectors numerous times in the past. One of infinite reasons to block them unconditionally and make no exceptions.

[chaircher]

Adverts and adware as we see them now would have been considered 'spyware' 15/20 years ago. It's worth re-watching the IT Crowd scenes where someone's got ads all over their computer and they don't see the problem with it but it's obvious to the protagonists / viewer it's malware. And then through that lens have a look at a normal person's computer or smartphone in 2020. It's very disturbing

[saagarjha]

> talking about malware, especially when employed against the technically illiterate, as a national security issue will get you attacked online

Perhaps because "national security" tends to involve a foreign adversary?

[paulryanrogers]

Are you saying advertising platforms revolve around criminal enterprise? And if so is that because of their reliance on untrusted code?

[jazzyjackson]

the advertising platform need not be willfully malicious - but given that their javascript bundles are injected across hundreds of the largest websites, they make themselves valuable targets. If I wanted to distribute malware I would hack taboola and let their servers do the work for me.

[paulryanrogers]

Yet that seems like malicious actors orbiting big platforms and not the other way around.

[livueta]

You're right, but I also think that lets the ad networks off the hook too easily for something they really could do more to combat if they felt like it.

Maybe there's a useful analogue in tort law: https://en.m.wikipedia.org/wiki/Attractive_nuisance_doctrine

You've got a thing, and your thing is fine, but negligently allowing others to harm themselves (or in this case, third parties) with said thing can be a problem.

For instance, an ad network could decide to serve only static content and not accept any third-party js, greatly reducing the odds of someone coming along and using the network as a vector for malware. But the network has no incentive to do this because they make more money the other way. If they're made to cover some of the externalities of their product, they gain an incentive to not serve malware.

Running an ad network that accepts and distributes dynamic content is like leaving loaded firearms scattered around your property (in a jurisdiction without special safe-storage laws, I guess - the analogy isn't perfect).

[smoldesu]

They already do. Online advertising was infamously a race to the bottom, so much so that even in the early 2000s we were complaining about how risque and insane advertisements have gotten. 20 years of big-tech lobbying, Chrome dominance and Javascript adoption hasn't made the business any less criminal.

[matheusmoreira]

You'd think the world would've stopped trading with the chinese by now.

[api]

“China’s opening strike in WWIII consisted of a decapitation attack in which the embedded medical devices used by a large fraction of the older political and managerial class were used to mass euthanize them via a software update…”