Chinese censorware will expose every PC in the nation to malware, ID theft, botnetting

Green Dam, the mandatory censorware that will be installed on all Chinese PCs as of July 1, is remarkably insecure. J Alex Halderman from Freedom to Tinker and his colleagues Scott Wolchok and Randy Yao have released a paper, based on a mere 12 hours of testing, detailing attacks that can be used to "steal private data, send spam, or enlist the computer in a botnet" and "install malicious code during the update process." They've released sample code demonstrating their findings.
The Chinese government has mandated that all PCs sold in the country must soon include a censorship program called Green Dam. This software monitors web sites visited and other activity on the computer and blocks adult content as well as politically sensitive material. We examined the Green Dam software and found that it contains serious security vulnerabilities due to programming errors. Once Green Dam is installed, any web site the user visits can exploit these problems to take control of the computer. This could allow malicious sites to steal private data, send spam, or enlist the computer in a botnet. In addition, we found vulnerabilities in the way Green Dam processes blacklist updates that could allow the software makers or others to install malicious code during the update process. We found these problems with less than 12 hours of testing, and we believe they may be only the tip of the iceberg. Green Dam makes frequent use of unsafe and outdated programming practices that likely introduce numerous other vulnerabilities. Correcting these problems will require extensive changes to the software and careful retesting. In the meantime, we recommend that users protect themselves by uninstalling Green Dam immediately.
Analysis of the Green Dam Censorware System

Freedom to Tinker: China's New Mandatory Censorware Creates Big Security Flaws (Thanks to everyone who suggested this!)


  1. A grand example of what happens when politicians try to control technology, they piss on their shoes every time as if it was a magnetic attraction.

  2. I love the test page that crashes green dam-infected computers with the AAAAAAAA~A.html link. pretty complex hack right there.

    seriously, how can a national government release software with such hilariously poor planning & development? you’d think they hired some interns from north korea and told them they had 12 hours for the entire project.

    hmm… or maybe as software developers, they just couldn’t stomach the idea of making software designed to so brutally repress their countrymen’s (and their own) computing activity, so they submitted the worst possible program that the government would accept.

    i’m no fan of censorware, but I hope the owners of cyber-sitter sue the living shit out of the chinese government for code lifting.

  3. As #1 pointed out – a billion zombie cluster could crack or DoS just about anything.

    Based on the NSA robin-hood style open competition the Chinese have some proficient crackers.

    Why post the obvious…

    The Chinese who choose to live in freedom must leave China – we received many Americans here over the past few years too.

    Do you run MacOSX or Windows? You were already rooted right out of the box.

  4. Sounds like a great opportunity to sequester unused cpu cycles for doing good work, decoding disease genomes, mapping weather, looking for alien life… Any beneficent hackers out there looking to donate all China’s idle computer time to the forces of good?

  5. The botnetting may be more than an accidental consequence; what if Green Dam can be remotely activated to execute arbitrary code uploaded by its controllers, giving the People’s Liberation Army a botnet hundreds of millions of machines strong with no fear of it being detected or shut down? It could also be a pretty nifty supercomputer; a trivially small amount of CPU cycles from each of hundreds of millions of computers could do a lot of processing.

  6. I wouldn’t be surprised if these flaws were here on purpose. I mean, the Chinese gov is pretty good at disguising its real intentions into clumsy naive acts. No one can be accused, but the road is wide open for those who could profit out of that.

  7. I think that Green Dam’s botnet-building features are a bug rather than a feature.

    First, if the PLA wanted a 100-million-machine botnet or supercomputer via GreenDam, they would build in a hard-to-spot backdoor, rather than something that can be leveraged (by anyone, not just the PLA) with a few trivial hacks.

    Second, a botnet located exclusively in one country isn’t useful. If the PLA fired up a Green Dam botnet and used it to launch an attack on insert-target-of-choice, it probably wouldn’t take much more than half an hour for the whole of China to find itself null-routed. Enjoy your national intranet, folks.

  8. Interesting dilemma here. As a security researcher, do you make public these vulnerabilities so that the Chinese government can improve the software and more effectively suppress their people, or do you keep it to yourself in the hopes that the system is attacked and fails, and gives the Chinese government pause in trying something like that again?

    Probably means nothing in the long term, because only political change in China will make the desire to censor the people’s information access go away.

    Sidenote: perhaps this is an opportunity to attack the system and turn it into a giant unfiltered VPN that will leap over the great firewall? White hats take note.

  9. Love the sickening overuse of the word “Green”. Everything green is good. Let’s be honest, this is a Red Dam with all the shoddy workmanship and holes of every other totalitarian dam or wall ever built.

    They all spring leaks and come tumbling down eventually. It is amazing that this simple fact of history eludes totalitarian pricks, or knowing this they continue to ignore history for their own short term gain.

    People are generally pathetic, both those in charge and those who work for them, meaning us.

  10. Is it possible that the software maker deliberately coded this way to help social-issue-white-hat hackers to leverage the exploits to cripple China’s infrastructure or to bring down the Great Firewall? Think about it: you could compromise tens of thousands (if not hundreds of thousands) of PCs behind the Great Firewall in a short period of time, and then redirect them to take down party sites, censorware servers, and even the Great Firewall itself!

  11. You know, once you have a mandatory censorship software on your computer, it kinda doesn’t matter anymore if it’s also insecure…

  12. PC makers should be moving the hard drive manufacturing and imaging to India, and then putting the hard drive in the machine when the shipment arrives at its destination.

  13. Also, the mandatory bot-net software can be used against the Chinese government just as easily as it can be used as their weapon.

  14. Weren’t the wily Chinese the ones who were supposedly able to hack silicon fab in order to root all Lenovo machines? Was that too much trouble or what?

  15. This is clearly a cunning act of sabotage by a renegade band of American ‘patriots’ designed to crush China’s ability to compete in any economic sphere more sophisticated than ironmongery.


    This is clearly a cunning act of reverse psychology by the PLA designed to encourage the hacker ethic in the entire population. It trades off a brief competitive handicap against the unstoppable long-term competitive advantage of 1.5B people who can fight their way to root no matter what.

  16. Personally, this part bugs me as much as anything:

    Some of the blacklists appear to have been copied from American-made filtering software… We found evidence that a number of these blacklists have been taken from the American-made filtering program CyberSitter.

    Also, according to Wikipedia’s article on Green Dam, a clarification of something else I was wondering about from that analysis:

    Both Wolchok, Yao and Halderman’s report and a technical analysis released on Wikileaks indicated that the software contains code libraries and a configuration file from the BSD-licensed computer vision library OpenCV. The software is said to have violated the BSD license by the Wikileaks document.

    Not that China is exactly known for respect of intellectual property anyway, but something just doesn’t seem right about having the Chinese government require the installation of license-violating software.

  17. Do you suppose the web has already “woken up”? That we presently entertain something quasi-self aware that exhibits the will to reproduce and survive associated with living things as the “automatically route around damage” function of the web that was its initial raison d’etre? That an emerging meme-plex that vast can’t be seen by us for “forest and the trees”? That what we see evolving in China is not so much directed by human governmental will so much as the inevitable unfolding of a New Thing?

  18. Ah, porn. Something right wing Christians, radical feminists and atheist communists can all agree on.

    If this is a Windows program does this mean that it is mandatory to use Windows in China?

  19. Quick, somebody invent a trojan that will infect the censor-ware equipped PCs and transform them into the world’s largest network of TOR routers, and automatically bypass the censorware.

  20. Open letter to the hackers who changed my homepage to granny porn:

    I forgive you, and only ask that you make every PC homepage in China display the history of Tienanmen square.

  21. As a Chinese, I think it is absurd. Yes, the government paid 4710,00000 RMB (about 600,00000 dollars) for it.

  22. Wouldn’t it be interesting to use the green dam to breach the great firewall? Install green dam, get a few proxies installed with it.