Backdoors are once again thrust into the forefront with this week’s breaking news that the NSA allegedly hacked Chinese router company Huawei’s servers. Back in October 2012 the House Intelligence Committee accused Huawei, which claims to interconnect one third of the Internet, of embedding backdoors into routers and “posing a national security threat.” And thanks to another Edward Snowden bombshell, we now know that the NSA took their own measures to ensure perpetual access to Huawei routers.
Government espionage is nothing new. Although both sides in the example above dismiss the claims, these recent developments confirm that the location of the battlefield has changed forever. Instead of bullets and bombs, the new intelligence war is being fought with almost imperceptible bursts of electricity. It reminds me of the classic AC/DC song “Dirty Deeds Done Dirt Cheap,” in which they poetically proclaim, “For a fee I’m happy to be your backdoor man.”
Now this song was written back in 1976, so I don’t think Bon Scott and the boys had Back Orifice and NetBus in mind. Back in 1976 the Apple I personal computer was just being released, and Microsoft Windows 1.01 was still nine years in the future. The very notion of a backdoor into a computer system wasn’t introduced into popular culture until the 1983 blockbuster movie “WarGames,” in which computer hacker Matthew Broderick stumbles across a backdoor on a military computer system. Broderick successfully guesses the backdoor password “Joshua,” the name of the system programmer’s dead son. After gaining access to the military computer system, Broderick almost unknowingly starts World War III. Back in 1983 the plot of WarGames seemed ridiculously far-fetched, but was it really?
Wikipedia defines a backdoor as “a method of bypassing normal authentication, securing illegal remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected.” If backdoors are illegal, they’re surely confined to underground hackers, right? Sure, hackers have been leaving backdoors on compromised systems since the old days. Maybe they even got fancy and implemented port-knocking servers to conceal backdoor Telnet or SSH services. But that’s ancient history; backdoors are now a crucial tool within the realm of government and corporate espionage.
Consider the recent RSA scandal. The NSA allegedly paid RSA $10 million to utilize a flawed pseudorandom number generator within their encryption products, effectively embedding a backdoor and allowing the NSA to compromise seemingly encrypted communications. From email messages to financial transactions to medical information, the security of RSA-encrypted communications is now compromised. Government pressure was certainly a factor, but for a fee RSA was happy to be the NSA’s backdoor man. However, the most shocking and appalling aspect of this story is that RSA’s core business is security, unlike a networking or operating system company for which security is a necessary evil.
Backdoors are clearly nothing new. But now backdoors are all the rage. Consider a trip down only the past two years of Memory Lane:
- In May 2012 England’s The Guardian revealed that a computer chip used in the Boeing 787 contains a backdoor that could allow attackers to remotely control the chip from the Internet. The chip in question is utilized in flight-critical applications on board the 787. In addition, the chip is utilized within military, automotive, and medical devices. Furthermore, the backdoor cannot be removed, as it is embedded directly into the silicon. Fantastic.
- In July 2013 The Guardian broke a story that Microsoft collaborated with the NSA in order to compromise encryption functionality embedded within Outlook.com, SkyDrive, and Skype, allowing carte blanche access to seemingly encrypted email messages, cloud storage, and video calls. Microsoft argued that it was legally compelled to comply with NSA PRISM initiatives.
- In December 2013 Germany’s Spiegel Online revealed that the NSA developed a 50-page catalog of backdoors for a wide range of technology components including Western Digital hard drives, Dell servers, Juniper routers, and Cisco firewalls. In addition, the catalog included techniques to compromise iPhones. Do you know anybody with one of those? According to the report, the NSA can read contact lists and SMS messages, remotely activate the camera and microphone, and even pinpoint the phone’s geographic location. As an aside, isn’t it interesting that these major revelations are all coming from foreign media outlets? Could a gag order be in effect stateside?
- Speaking of foreign countries, by no means does the United States own a monopoly on backdoors. A former Pentagon analyst estimated that China controls backdoors into a whopping 80% of telecommunications traffic. ZTE Corporation and the aforementioned Huawei are believed to be responsible for creating this colossal espionage mechanism. In addition, zero-day exploits are a booming business all over the world.
- And of course backdoors aren’t reserved for the government sector. To quote another classic AC/DC song, “Come on, come on, listen to the money talk!” Malicious attackers sell access to botnets of compromised end-user computer systems for serious coin. Who knows, the device on which you’re reading this very blog post might already belong to a botnet. In addition, for a markup of several hundred dollars mSpy sells Android and iPhone devices with pre-installed backdoor functionality. To mention just a few of the privacy-invasive features, the mSpy backdoor functionality allows you to read SMS and email messages, view pictures and videos, record telephone conversations, pinpoint GPS locations, and log keystrokes. As the site shamelessly advertises, are you afraid that your son’s “greasy haired buddies” are “troubled teens” that will punch his one-way ticket to Stonerville? Then fork over $1,149 and invade his privacy with a loaded mSpy iPhone 5S! Afraid that your significant other has cupcakes on the side? Then fork over $769 for an mSpy Nexus 5! Of course, mSpy does not “endorse the use of our software for any illegal purposes.” And of course all sales are final. No, this whole racket doesn’t seem shady at all. Not one bit.
As you can see, backdoors are a red-hot commodity in today’s evolving information security landscape. From national governments to billion-dollar corporations, backdoors are no longer reserved for the realm of nerdy hackers munching on Cheetos and guzzling Mountain Dew in front of their keyboards all night. And one thing is certain: for a fee, hardware manufacturers, software vendors, and zero-day exploit writers are willing to be your backdoor man. However, the dirty deeds won’t be done dirt cheap; backdoors are a thriving and immensely profitable business.
Vince Kornacki, CISSP, is an accomplished information security practitioner with 18 years of information technology experience, including over a decade of primary focus on information security. Vince has delivered projects for major retail, power distribution, financial services, telecom, government, and education sector clients. His core area of expertise is web application penetration testing, but Vince is also experienced in network penetration testing, web application development, and firewall deployment.