Backdoors are methods of bypassing normal security or authentication on a system or within software, and they are often hidden or built in by some malicious or non-malicious actor or programmer. Rootkits are often the method of choice for backdoors into Linux systems, but Windows systems are not left out of the party. The more apt definition is often an undocumented method of gaining access to a computer system or its data.
Backdoors were formerly known as trapdoors, but standards and definitions have changed since initial discussions and publications discussing the issue in 1970. Yes, 1970 is when these were first mentioned in a paper by J.P. Anderson and D.J. Edwards through ARPA sponsorship (1).
Proprietary software can often contain backdoors which, more often than not, are never realized until an exploit or hacker group discovers them. Open Source, on the other hand, is by nature open, and the source code is freely available for peer review; this is the nature of closed versus open (I'll save this for a future discussion).
Back Orifice is a famous backdoor from way back in 1998, when it debuted at DEF CON. This software's purpose was to show how insecure Microsoft Windows 98 was at the time, but it was used to remotely control systems globally. It used a client-server method similar to today's server/client methods used for normal daily operations (i.e. cloud services). It can be installed without the user having any knowledge of its existence and is very simple to install.
Other examples of programs which include backdoors are the computer worms Sobig and MyDoom and the Sony / BMG rootkit, each of which was designed to steal data or gather information on the user. In the case of Sony & BMG, their rootkit was delivered via music CD media to customers for the purpose of so-called DRM, but in fact its purpose was to spy on their very own customers.
Backdoors come in several types - symmetric, object code & asymmetric.
In the case of symmetric, any user who comes across this type of backdoor can take advantage of it, while the asymmetric version uses cryptography to prevent anyone other than the holder of the private key (the author) from utilizing it. Even if the code is made public, the installation cannot be used on a target system without the private key. This second method of attack is very difficult to detect and prevent, as it utilizes some of the very same data security measures commercially used to protect our data.
Object code backdoors are much harder to inspect, and often to detect, as they are designed to be machine readable and not human readable. These can be added to the code on disk, during compiling or linking, through assembly code, or by loading directly into memory. Often the only method to detect these is to have the source code, build it independently, and compare hashes of the resulting code against the code actually deployed.
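The hash comparison described above, as an added example that is not part of the original post: a small Python checker that takes a manifest of SHA-256 digests produced by an independent (reproducible) build of the same source and classifies each deployed artifact as ok, mismatch, missing or unexpected. The manifest format, file names and contents are constructed for the demo.

```python
import hashlib, os, tempfile

def sha256_file(path, chunk=1 << 16):
    """Stream the file so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def parse_manifest(text):
    """Manifest format (assumed): 'sha256hex  relative/path' per line."""
    expected = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            digest, _, rel = line.partition("  ")
            expected[rel.strip()] = digest.lower()
    return expected

def verify_artifacts(manifest_text, artifact_dir):
    """Classify each artifact as ok / mismatch / missing / unexpected;
    'unexpected' flags files the reference build never produced."""
    expected = parse_manifest(manifest_text)
    report = {}
    for rel, digest in expected.items():
        path = os.path.join(artifact_dir, rel)
        if not os.path.isfile(path):
            report[rel] = "missing"
        else:
            report[rel] = "ok" if sha256_file(path) == digest else "mismatch"
    for root, _, files in os.walk(artifact_dir):
        for name in files:
            rel = os.path.relpath(os.path.join(root, name), artifact_dir)
            report.setdefault(rel, "unexpected")
    return report

def demo():
    """Constructed sample build output: clean, altered, injected and missing."""
    d = tempfile.mkdtemp()
    for name, data in [("app.o", b"clean object"), ("libauth.so", b"patched"),
                       ("extra.so", b"injected")]:
        with open(os.path.join(d, name), "wb") as f:
            f.write(data)
    manifest = "\n".join([
        hashlib.sha256(b"clean object").hexdigest() + "  app.o",
        hashlib.sha256(b"reference").hexdigest() + "  libauth.so",
        "0" * 64 + "  vendor/helper.o",  # listed by reference build, absent here
    ])
    return verify_artifacts(manifest, d)
```

A mismatch on a file that should be byte-identical to the reference build is the signal to pull the artifact and diff it at the object level.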
Even cryptographic algorithms are subject to vulnerabilities created by asymmetric backdoors, as demonstrated by the experimental backdoor in OpenSSL RSA key generation designed by Young and Yung (2).
Samsung Android phones and tablets such as the Galaxy devices contained a backdoor providing access to all data stored on the device. The software containing the backdoor in this instance is responsible for controlling the modem via RFS (remote file server) commands, allowing the attacker to carry out a myriad of tasks, even controlling the microphone or camera, without any indication on the affected system (3).