How Was the Secret Code Planted in Juniper’s Firewalls Only Discovered Now?

Image source: Engadget

Juniper Networks is a multinational company headquartered in California that develops and markets networking products. It is the second-largest maker of networking equipment after Cisco. Its products include routers, switches, network management software, network security products and software-defined networking technology.

However, Juniper Networks recently disclosed that it had discovered “unauthorized code” in ScreenOS, the operating system that runs its NetScreen firewalls and the VPN functionality built into them. The code appears to have been present in multiple ScreenOS releases going back to at least September 2012, and it could have allowed an attacker to take complete control of a NetScreen firewall running affected software. Separately, an attacker with sufficient resources and skill could also have decrypted VPN traffic passing through such a firewall.

Extra:

Firewall – A firewall is a software program or piece of hardware that helps screen out hackers, viruses and worms that try to reach your computer over the Internet. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All traffic entering or leaving the intranet passes through the firewall, which examines it and blocks whatever does not meet the configured security policy.

Backdoor – Also known as a trapdoor. An undocumented way of gaining access to a program, online service or an entire computer system. A backdoor is often written by the programmer who creates the software and known only to them, but, as in the Juniper case, it can also be inserted by an outsider without the vendor’s knowledge. Either way it is a serious security risk.


Those affected…

According to Juniper’s advisory, NetScreen devices running ScreenOS 6.2.0r15 through 6.2.0r18, and 6.3.0r12 through 6.3.0r20, are affected. Juniper has since released patched versions and advised customers to install them immediately.
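Checking a fleet against those version ranges by eye is error-prone, because ScreenOS release strings such as “6.3.0r9” and “6.3.0r14” do not sort correctly as plain text. The following is an added example (not code from Juniper or from the original post) that parses ScreenOS version strings numerically and flags the devices inside the affected ranges quoted above; the inventory it scans is constructed, and the assumption that the version string was collected from each device beforehand (for example from the CLI) is ours:

```python
"""Triage a NetScreen inventory against the ScreenOS ranges Juniper listed.

Added example, not Juniper's or the original post's code. Version strings
are assumed to be in Juniper's 'major.minor.patch rNN' form (e.g. 6.3.0r14).
"""
import re

# (lowest affected, highest affected), inclusive, as quoted in the advisory.
AFFECTED_RANGES = [
    ("6.2.0r15", "6.2.0r18"),
    ("6.3.0r12", "6.3.0r20"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)$")


def parse_version(text: str) -> tuple:
    """Turn '6.3.0r14' into (6, 3, 0, 14) so versions compare numerically.

    Comparing the raw strings would be wrong: '6.3.0r9' > '6.3.0r14' lexically.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised ScreenOS version: {text!r}")
    return tuple(int(g) for g in m.groups())


def is_affected(version: str) -> bool:
    """True if the version lies inside any published affected range."""
    v = parse_version(version)
    return any(parse_version(low) <= v <= parse_version(high)
               for low, high in AFFECTED_RANGES)


def triage(inventory: dict) -> list:
    """Return, sorted, the device names whose ScreenOS build needs the patch.

    `inventory` maps a device name to the version string it reports
    (assumed to have been collected already, e.g. from the device CLI).
    """
    return sorted(name for name, ver in inventory.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed sample inventory, not real devices.
    sample = {
        "fw-edge-1": "6.3.0r14",  # inside 6.3.0r12..r20: affected
        "fw-edge-2": "6.3.0r21",  # above the 6.3.0 range: clear
        "fw-dc-1": "6.2.0r18",    # top of the 6.2.0 range: affected
        "fw-lab": "6.2.0r9",      # below the 6.2.0 range: clear
    }
    print(triage(sample))  # ['fw-dc-1', 'fw-edge-1']
```

A build just below a range (6.3.0r11) is reported as clear only because it predates the unauthorized code; it is still an old release and should be upgraded on its own merits.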


Vulnerabilities involved

The backdoors are a major concern because one of them, a hard-coded master password left in Juniper’s software by whoever planted the code, could let anyone who recovers that password by examining the ScreenOS code take control of any Juniper firewall that has not yet been patched.

In its announcement, Juniper said two separate pieces of unauthorized code were found, creating two backdoors that work independently of one another (tracked as CVE-2015-7755 for the administrative access issue and CVE-2015-7756 for the VPN decryption issue). Wired describes both:

First backdoor – Gives an attacker administrator-level (root-equivalent) access to the firewall, the highest level of access on the system, when connecting remotely over Secure Shell (SSH) or Telnet. The firewall’s log does record the login, but only as a cryptic entry saying that the ‘system’ user logged in successfully with a password. Juniper noted that a skilled attacker could delete that entry to remove any trace that the device had been compromised, so the absence of such an entry is not proof that a device was untouched; if the firewall forwards its logs to an external syslog server, those copies survive deletion on the device and are the ones worth searching.



What the Juniper firewall log could look like when an attacker enters through the backdoor (Source: Wired)
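The log entry described above is the one detection handle an administrator has for the first backdoor. As an added example (not code from Juniper, Wired or the original post), the script below runs that check over a constructed sample log: it flags any ‘system’ login over SSH or Telnet, and, as a second rule, any remote administrative login from a host outside an assumed list of trusted management stations. The line format is a constructed approximation of a ScreenOS admin-login event and is not guaranteed to match any particular firmware; adjust the regular expression to what your devices actually emit.

```python
"""Find the 'system' login the first backdoor leaves in a firewall log.

Added example, not code from Juniper, Wired or the original post. The log
format below is a constructed approximation of a ScreenOS event line;
tune LOGIN_RE to your own devices' output.
"""
import re
from dataclasses import dataclass

# Constructed sample log, loosely modelled on ScreenOS admin-login events.
SAMPLE_LOG = """\
2015-12-17 09:02:11 Admin user "netscreen" has logged on via Web(http) from 10.0.0.5:51234
2015-12-17 09:15:40 Admin user "netscreen" has logged on via SSH from 10.0.0.5:51300
2015-12-17 22:11:03 Admin user "system" has logged on via SSH from 203.0.113.7:51022
2015-12-17 22:11:04 Admin user "system" has logged on via Telnet from 203.0.113.7:51023
2015-12-18 07:30:00 Admin user "system" has logged on via Console from local
2015-12-18 08:00:00 Admin user "ops" has logged on via SSH from 192.0.2.9:40001
2015-12-18 08:05:12 Admin user "netscreen" has logged on via Telnet from 198.51.100.4:33012
"""

LOGIN_RE = re.compile(
    r'^(?P<ts>\S+ \S+) Admin user "(?P<user>[^"]+)" has logged on via '
    r'(?P<channel>\S+) from (?P<src>\S+)$'
)

# Channels the backdoor is reachable over, per Juniper's advisory.
BACKDOOR_CHANNELS = {"SSH", "Telnet"}

# Assumed allow-list of management stations (constructed for the example).
TRUSTED_MGMT = {"10.0.0.5", "192.0.2.9"}


@dataclass
class Finding:
    timestamp: str
    reason: str
    line: str


def scan(log_text: str) -> list:
    """Return one Finding per suspicious admin login, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = LOGIN_RE.match(line)
        if not m:
            continue  # not an admin-login event
        user, channel, src = m["user"], m["channel"], m["src"]
        host = src.rsplit(":", 1)[0]
        if user == "system" and channel in BACKDOOR_CHANNELS:
            # The backdoor's fingerprint: 'system' authenticating remotely.
            findings.append(Finding(m["ts"], f"backdoor login: 'system' over {channel}", line))
        elif channel in BACKDOOR_CHANNELS and host not in TRUSTED_MGMT:
            # Not the backdoor itself, but remote admin access from an
            # unexpected source deserves a look on an affected device.
            findings.append(Finding(m["ts"], f"remote admin login from untrusted host {host}", line))
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f.timestamp}  {f.reason}\n    {f.line}")
```

Run it against the syslog server’s copy of the log rather than the device’s own buffer, since the latter is exactly what an intruder with root on the box can edit. A clean result only says the log shows nothing; it does not clear a device that was running an affected build.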


Second backdoor – Allows an attacker who has already intercepted VPN traffic passing through a Juniper firewall to decrypt it without knowing the keys. Because the attack is entirely passive, it leaves no trace on the firewall, and patching only protects future sessions: traffic that was captured while an affected build was running should be treated as potentially exposed.


Who’s the culprit?

With some US government officials pressing for backdoor access to secure networks and services for law enforcement, there is speculation about which state-sponsored group is responsible. As former National Security Agency (NSA) contractor Edward Snowden has pointed out, such agencies do not always ask first: the documents he leaked showed NSA staff intercepting Cisco Systems network gear in transit and installing covert implant firmware before the equipment was delivered to the customer. Naturally, questions were raised about who tampered with Juniper’s ScreenOS, and many have pointed the finger at the NSA itself. Nothing in Juniper’s announcement attributes the code to anyone.


The issue with Juniper’s proprietary VPN

“Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS,” Juniper said.

The drawback of a proprietary VPN such as Juniper’s is that backdoors present since late 2012 only came to light during “a recent internal code review”. Customers are entirely dependent on the vendor’s own engineers to find, patch and test such issues, and the only remedy is to upgrade to a new software release once Juniper publishes it.

Open-source VPNs are generally held to have fewer bugs and faster fixes than proprietary ones, because many more people examine the source code, which increases the chance that a bug or a hidden backdoor is noticed, provided someone actually does the reviewing. A backdoor is easier to conceal in proprietary software, where the public depends on the vendor’s far smaller development team to find vulnerabilities.

Extra:

Open source – A development model that promotes universal access, via a free licence, to a product’s design or blueprint, and universal redistribution of that design, including subsequent improvements to it by anyone.

As such, open-source VPNs are usually considered to have better security overall: open-source communities are typically quick to implement a fix, users can apply their own patches at will, and anyone can report issues in the code.

For the record, BolehVPN is built on open-source technology, with the code of OpenVPN (an open-source SSL VPN) forming its backbone.


Sources

[1] Wired

[2] Ars Technica

[3] Engadget

[4] Optimus Information

[5] PC Mag
