What is a backdoor? [Word of the Week]

Sean Dahlberg
Cisco Employee

This one may seem obvious, but in another community I engage in (mainly with sysadmins & IT pros), it caused a bit of a discussion due to one of the examples.

In cybersecurity, a backdoor refers to any method by which authorized and unauthorized users can get around standard security measures and gain high-level user access (such as root access) on a computer system, network, or software application. While an organization may have various security solutions in place, there may be mechanisms in place that allow a user to evade them.

The part that caused a bit of a conversation when I talked about this elsewhere is that some of them are not created accidentally. Sometimes developers intentionally leave an "Administrative Backdoor" to easily reach the core and quickly solve the issue in case of any failure or error.

The downside is that this can allow unauthorized individuals to access sensitive information, manipulate data, or perform malicious actions. It's basically a hidden key to a locked door that only certain people know about.

How many of you know and remember Jonathan "c0mrade" James? It may sound like the introduction to the movie Hackers, but around the age of 16, James hacked into NASA's network and downloaded enough source code to learn how the International Space Station worked. And that was just the tip of the iceberg.

Back to the main topic, while an obvious security risk, backdoors might exist for a variety of reasons, including:

  • Developers might install backdoors for testing purposes.
  • Hackers might use malware to create backdoors to create vulnerabilities they might exploit.
  • Governments might push organizations to leave backdoors in encryption protocols or hardware and software products for surveillance purposes.
  • Vendors might create backdoors in their products to allow for remote management for support or data-gathering purposes.

No matter what the motivation for creating a backdoor is, organizations are put at risk if they rely on products with backdoors, especially if those backdoors are discovered or created by hackers for malicious purposes.

Now it's your turn. Are you concerned about backdoor vulnerabilities on your network? Have you ever discovered or been burned by one?

5 Replies

The first time I heard this term was 1983 (yes, I am that old) in the classic film Wargames. Lightman asks Jim how he might play the games he is not supposed to. Jim advises that he (Lightman) would never get in via the front door security and he should look for a backdoor, and that when he (Jim) designs a system he installs a backdoor so that whatever security is added on later he can always get back in, and tells Lightman to find out more on the person who designed the system.

In the year 2023, it may come as a surprise, but similar scenarios that occurred in 1983 could still unfold today. While the circumstances would naturally be different, such as the presence of a virus instead of someone attempting to hack into the system for game-related advantages, it is reassuring to acknowledge that certain elements remain constant. It serves as a reminder that despite the evolution of technology, some aspects of human behavior and challenges persist over time.

 


Please mark this as helpful or solution accepted to help others
Connect with me https://bigevilbeard.github.io

I love that movie

davidn#
Cisco Employee

 

I remember a recent article from Bloomberg in 2018.  The article alleges the Department of Defense found that thousands of its servers were sending network data to China due to secret chips on Supermicro motherboards way back in 2010. The attack by Chinese spies reached almost 30 U.S. companies, including Amazon and Apple, by compromising America’s technology supply chain, according to extensive interviews with government and corporate sources.

Sean Dahlberg
Cisco Employee

A little bit of coincidental timing. I was just watching the latest TechLinked video during lunch, and around the 4:56 mark, they talk about Gigabyte having shipped hundreds of models of motherboards with a hidden firmware backdoor.

There are (of course) a variety of stories out there from different sites, including this one from SecurityWeek:

https://www.securityweek.com/organizations-warned-of-backdoor-feature-in-hundreds-of-gigabyte-motherboards/

Here is a quick quote from the article:

There is no evidence that the backdoor has been leveraged for malicious purposes and the feature appears related to the Gigabyte App Center, which is documented on the company’s website. 

However, Eclypsium said it’s difficult to conclusively rule out that it is a malicious backdoor planted from within Gigabyte — either by a malicious insider or as a result of the company’s systems being compromised. It’s also difficult to definitively rule out that the backdoor was planted somewhere in the supply chain. 

Even if the feature is legitimate, the cybersecurity firm warned that it could end up being abused by threat actors. It’s not uncommon for skilled hackers to take advantage of such tools in their attacks. 

 

npetrele
Cisco Employee

There's a famous backdoor in Windows called NSAKEY. Microsoft has always denied it, but the debug symbol was found many years ago, and I personally believe that is a real backdoor for NSA. 

https://en.wikipedia.org/wiki/NSAKEY