Backdoors in network security products

Backdoors In Security Products

The diffusion of technology through our society has an important consequence.
We have adopted technological elements into our daily lives so rapidly that we do not understand how our own daily routines can be used against us.

In today's business environment, enterprises have also become an attractive target for attackers because of the security flaws in their networks. With cyberattacks coming from nearly every direction, it is difficult to ensure that every vector and point of entry into a network is well protected.

We are surrounded by millions of electronic devices and appliances that in many cases perform vital functions in areas such as telecommunications, healthcare and defense. Any one of these devices could be equipped with a software or hardware backdoor with serious consequences for us. To safeguard against such threats, we must focus on validating the software and electronic components present in these devices.

What is a backdoor and how does it work?

A backdoor is essentially a remote administration utility that permits a user to gain access to and control of a system remotely, over a network or the Internet. A backdoor gains that access and control easily because it relies on undocumented paths in the system's code. A backdoor can be put in place for two reasons: to give the system administrator legitimate access to the system, or to give attackers unauthorized access so they can control a user's machine without the user's knowledge or authorization.
A typical backdoor consists of two components: the client and its server(s). An attacker uses a client application to communicate with the server components, which are installed on the victim's system. The server components can be delivered to the victim's system in numerous ways, for example as malware, a trojan payload or a malicious e-mail attachment.

An infected or vulnerable server component opens a network port to communicate with the client, and the attacker uses this channel to issue commands to the infected system. Depending on how sophisticated the client is, it can include features such as:

  • Changing the date/time settings of the compromised system.
  • Unauthorized file transfer.
  • Browsing the system's hard drives and network drives.
  • Collecting system information, and so on.
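As an added example (not code from the original post), the following Python script shows one defensive check that follows from the description above: a backdoor's server component must listen on a port, so comparing a host's listening sockets against a known baseline surfaces both unknown ports and known ports owned by the wrong process. The `ss -lntup` output, the baseline and the process names are all constructed for illustration.

```python
import re
from collections import namedtuple

Listener = namedtuple("Listener", "proto addr port process")

# Constructed baseline of expected listeners on this host:
# (protocol, port) -> process name expected to own the socket.
BASELINE = {
    ("tcp", 22): "sshd",
    ("tcp", 443): "nginx",
    ("tcp", 53): "named",
}

# Constructed sample of `ss -lntup` output (not captured from a real host).
# Port 53 is owned by the wrong process and port 31337 is not in the baseline.
SAMPLE_SS_OUTPUT = """\
Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
tcp   LISTEN 0      128    0.0.0.0:22         0.0.0.0:*         users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      511    0.0.0.0:443        0.0.0.0:*         users:(("nginx",pid=1201,fd=6))
tcp   LISTEN 0      10     0.0.0.0:53         0.0.0.0:*         users:(("nc",pid=4412,fd=3))
tcp   LISTEN 0      1      0.0.0.0:31337      0.0.0.0:*         users:(("svchost",pid=4501,fd=4))
"""

# Matches one data line of `ss` output: protocol, local address:port, owning process.
LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+\S+\s+\d+\s+\d+\s+"
    r"(?P<addr>\S+):(?P<port>\d+)\s+\S+\s+"
    r'users:\(\("(?P<proc>[^"]+)"'
)


def parse_listeners(text):
    """Return a Listener for every socket line in `ss` output; header lines are skipped."""
    found = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            found.append(Listener(m["proto"], m["addr"], int(m["port"]), m["proc"]))
    return found


def audit_listeners(listeners, baseline=BASELINE):
    """Flag listeners missing from the baseline or owned by an unexpected process."""
    findings = []
    for lst in listeners:
        expected = baseline.get((lst.proto, lst.port))
        if expected is None:
            findings.append(f"unexpected listener {lst.proto}/{lst.port} on {lst.addr} owned by {lst.process!r}")
        elif expected != lst.process:
            findings.append(f"{lst.proto}/{lst.port} owned by {lst.process!r}, baseline expects {expected!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_listeners(parse_listeners(SAMPLE_SS_OUTPUT)):
        print("ALERT:", finding)
```

On a real host, feed the script the live output of `ss -lntup` and keep the baseline under change control, so that any new listener has to be explained before it is accepted.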

Backdoors aren't limited to software; they can also affect hardware, including embedded radio-frequency identification (RFID) chips and memory.

Common hardware backdoor attacks include:

  • Gaining access to protected memory.
  • Inducing faults that interrupt normal behavior.
  • Hardware modification: tampering with the hardware through invasive operations, or running jailbroken software.
  • Backdoor creation: hidden methods for bypassing the normal computer authentication systems.
  • Counterfeit product assets that can perform unexpected operations, including those made to gain malicious access to systems.

Recent backdoors found in devices and software:

Recently we have seen a rise in backdoor attacks; here are the most significant ones:

  • A hidden backdoor in Dell's SonicWall Global Management System (GMS): Last year, a hidden backdoor was found in GMS, a widely used security management product for centrally monitoring and managing an enterprise's array of network security devices, which allowed an attacker to gain full access to the software. A few days later, Dell's advisories acknowledged the flaws in the most recent versions of the GMS software and patches were issued immediately.
  • Juniper Networks firewall backdoor: The networking product provider Juniper Networks was also the victim of a backdoor last year; the company itself uncovered two mysterious backdoors embedded in the ScreenOS software running on its NetScreen firewalls. After investigation, they described the backdoor as two distinct issues: a backdoor in the VPN implementation that allowed an attacker to bypass authentication in the SSH and Telnet daemons, and a second vulnerability that allowed passive decryption of VPN traffic.
  • SSH backdoor in Fortinet's FortiOS firewall software: Last year the cybersecurity company Fortinet, whose enterprise network security offerings include the popular FortiGate firewall platform, found an SSH backdoor in FortiOS, the operating system running on many of the company's products. After the vulnerability was publicly disclosed, Fortinet's security, engineering and QA teams conducted a review of the company's products and determined that the issue also affected some versions of FortiSwitch switches, FortiAnalyzer centralized log and reporting appliances, and FortiCache web caching appliances.
  • Backdoor in Cisco routers: In September 2015, a backdoor named "SYNful Knock" was found in more than 79 Cisco routers in 19 countries. The backdoor was implanted illicitly through the device's firmware (regardless of the vendor) by modifying the router's firmware image, so it persisted even after the device rebooted. Because the implant was placed by modifying Cisco's Internetwork Operating System (IOS), it enabled many backdoor features, such as unrestricted access using a wrapped backdoor password, allowing the attacker to install additional functional modules from the Internet, and access to the router through the console and Telnet using the backdoor password.

Conclusion:

It is very important to understand the causes and consequences of a backdoor present in your devices. Be proactive and minimize the likelihood of a backdoor situation so you can stay in business without interruption. At present, many of these backdoors elude malware detection tools because there are no executables to detect. Enterprises must now look for new ways to track the open-source projects that enter the enterprise from external untrusted sources, such as open-source code repositories, and must be able to respond rapidly to any backdoors discovered in those projects. Otherwise, these backdoors have the potential to inflict serious and prolonged harm on the enterprise.
