Linux OS secretly installs Microsoft repo on Raspberry Pi

[German]Nasty  story or technical necessary? In the Raspberry Pi community, there is a shit storm, after an update of the Raspbian operating system secretly installed a Microsoft repo. This repo triggers a ping on a Microsoft server with every update.


Advertising

The Raspberry Pi is a small single-board computer that hobbyists like to use to learn programming and create projects. A Debian-based modified Linux operating system called Raspbian is available or included for the boards. Therefore, it is the most installed operating system on the Raspberry Pi. I came across a curious fact via the following tweet.

Microsoft Repo on Respberry Pi OS

Vivek Gite writes in this article, that with a recent update, the Raspberry Pi OS installed a Microsoft apt repository on all machines running Raspberry Pi OS without the knowledge of the person or administrator. Every time a Raspbian device is updated with this repository, it pings a Microsoft server.

Vivek Gite believes, that the repo contains VS code IDE for the Raspberry Pi-OS. However, since Microsoft telemetry has a bad reputation in the Linux community, there was soon quite an uproar on the Raspberry Pi forum. Unfortunately, the story then got worse, as the admins of the official Raspberry Pi forum quickly locked and deleted the topic threads, claiming it was “Microsoft bashing”.

It seems that the RPi Foundation officially recommends the MS IDE. Therefore, Gite suspects that this Microsoft IDE was added to the Raspberry Pi OS. Many power users use the Raspberry Pi as a Git server or adblocker etc. There is then immediately a trust issue when unwanted software repos are configured and gpg keys are secretly installed. The article written by Vivek Gite contains more details (including how to verify the whole thing) and explanations for interested readers. I’d say: This is an action that failed pretty much – although it seems that it was a bug, that has been corrected, as an anonymous reader posted on a comment on Vivek Gites blog post. And since some blog reader already use a Raspberry Pi, I didn’t want to withhold this from you.


Advertising


Cookies helps to fund this blog: Cookie settings
Advertising


This entry was posted in Linux, Security and tagged , . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *