A backdoor has multiple meanings. It can refer to a legitimate point of access embedded in a system or software program for remote administration.
Generally this kind of backdoor is undocumented and is used for the maintenance and upkeep of software or a system. Some administrative backdoors are protected with a hardcoded username and password that cannot be changed; though some use credentials that can be altered. Often, the backdoor’s existence is unknown to the system owner and is known only to the software maker. Built-in administrative backdoors create a vulnerability in the software or system that intruders can use to gain access to a system or data.
Attackers also can install their own backdoor on a targeted system. Doing so allows them to come and go as they please and gives them remote access to the system. Malware installed on systems for this purpose is often called a remote access Trojan, or a RAT, and can be used to install other malware on the system or exfiltrate data.
Backdoors of another sort gained notoriety in 2013 when NSA documents leaked to the media by whistleblower Edward Snowden revealed a decades-long effort by the spy agency, in partnership with Britain’s GCHQ, to pressure companies into installing backdoors in their products. They particularly focused pressure on the makers of encryption systems. These secret backdoors allow the intelligence agencies to circumvent or undermine security protections and surreptitiously access systems and data.
One of the most controversial backdoor cases involved the NSA’s reported efforts to intentionally weaken an encryption algorithm known as the NIST SP800-90 Dual Ec Prng so that any data encrypted with the algorithm would be susceptible to cracking by the NSA.
No comments:
Post a Comment