Raspberry Pi Users Mortified as Microsoft Repository that Phones Home is Added to Pi OS
canopic jug writes:
Several sites are covering an incident affecting Raspberry Pi OS deployments since last week. Quietly, without disclosure or warning, a package added a Microsoft repository and OpenPGP key to the system. The latter effectively gives the former full root access, in principle, to the whole system. The former checks in with Microsoft's servers any time APT refreshes its cache.
$ grep -i pretty /etc/os-release
PRETTY_NAME="Raspbian GNU/Linux 10 (buster)"How to know if you're affected/infected already:
$ cat /etc/apt/sources.list.d/vscode.list
### THIS FILE IS AUTOMATICALLY CONFIGURED ###
# You may comment out this entry, but any other modifications may be lost.
deb [arch=amd64,arm64,armhf] http://packages.microsoft.com/repos/code
stable main
Issue has been taken with both what has been done and how it has been deployed. The official explanation is, for now, that resource hog Visual Studio was to be made available by default on the Raspberry Pi for development for their first entry into microcontrollers, the Raspberry Pi Pico. This is in spite of the established presence of many light weight editors and IDEs alredy[sic] available through vetted repositories. Not to mention the package could have been added to the established, vetted repositories. Threads on the topic over at the Raspberry Pi Forum are quickly locked by moderators and then deleted.
- TechRights. Raspberry Pi (at Least Raspbian GNU/Linux and/or Raspberry Pi Foundation) Appears to Have Been Infiltrated by Microsoft and There Are Severe Consequences
- TechRights. Raspberry Pi Foundation is Trying to Cover Up Its Deal With the Devil by Censoring Its Own Customers
- CyberCity. Heads up: Microsoft repo secretly installed on all Raspberry Pi's Linux OS
- Hot Hardware. Raspberry Pi Users Mortified As Microsoft Repository That Phones Home Is Added To Pi OS
- The Linux Gamer. Microsoft INFILTRATES Raspberry Pi OS
Read more of this story at SoylentNews.