What is a backdoor?
Suppose you have saved your password on your laptop. Anyone who can get at the laptop can then log in to your account without ever being challenged for the password. That, in simple terms, is what a backdoor is: a way into a system that skips the checks everyone else has to pass.
A backdoor is a hidden mechanism that bypasses a system's normal authentication or access controls, so that whoever knows it is there can gain unauthorized access, usually remotely, for malicious purposes. It is not necessarily a separate piece of malware: it can be a few lines in otherwise legitimate code, a hard-coded credential, or a deliberate weakness in a design.
A backdoor may be implemented as a hidden part of a program, as a separate program, or even in hardware.
Two well-known cases illustrate this. In 2003, someone slipped a two-line change into the CVS mirror of the Linux kernel source (the BitKeeper master was untouched). It was added to the wait4 system call and looked like an ordinary argument check, except that where a reviewer would expect the comparison ‘current->uid == 0’ the code read the assignment ‘current->uid = 0’. The condition never fired, so nothing visibly failed, but any process calling wait4 with the right flag combination silently became root. It was caught because the change had no matching BitKeeper changeset, and it never reached a released kernel. In December 2015, Juniper Networks disclosed unauthorized code in ScreenOS, the operating system of its NetScreen firewalls: one piece gave administrative access over SSH and Telnet to anyone who knew a hard-coded password, and another altered constants of the Dual_EC_DRBG random number generator so that an attacker holding the matching secret could passively decrypt VPN traffic. The VPN traffic was not decrypted ‘automatically’; only the party who knew the secret behind the altered constants could do it.
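The kernel incident is easiest to understand by seeing the line. The following is an added example written for this page, not the kernel's code: the task structure, the flag values, and the helper functions are constructed stand-ins for the kernel's current->uid and the __WCLONE / __WALL flags, and the side-effect-free version is only what a reviewer would read the planted line as, not a check the genuine kernel contained.

```c
#include <stdio.h>

/* Constructed model of the 2003 Linux kernel incident, not the kernel's
 * code. The real change was two lines in the wait4() system call; the task
 * structure and flag values here are simplified stand-ins for the kernel's
 * current->uid and the __WCLONE / __WALL flags. */
#define WCLONE 0x80000000u
#define WALL   0x40000000u

struct task {
    unsigned int uid;   /* 0 means root */
};

/* The planted version. The second operand is an assignment, not a
 * comparison: (cur->uid = 0) evaluates to 0, so the "error" branch is never
 * taken and the caller sees a normal return, but the caller's uid is now 0.
 * The extra parentheses around the assignment also keep GCC's -Wparentheses
 * ("suggest parentheses around assignment used as truth value") quiet. */
int wait_options_backdoored(struct task *cur, unsigned int options)
{
    if ((options == (WCLONE | WALL)) && (cur->uid = 0))
        return -1;   /* -EINVAL in the original */
    return 0;
}

/* What a reviewer would read the line as: a comparison with no side effect.
 * (The genuine kernel had no such check at all; this is only the
 * side-effect-free reading of the planted line.) */
int wait_options_clean(struct task *cur, unsigned int options)
{
    if ((options == (WCLONE | WALL)) && (cur->uid == 0))
        return -1;
    return 0;
}

/* Helpers: run one call as a process with the given uid and report the
 * uid afterwards. */
unsigned int uid_after_backdoored(unsigned int uid, unsigned int options)
{
    struct task t = { .uid = uid };
    wait_options_backdoored(&t, options);
    return t.uid;
}

unsigned int uid_after_clean(unsigned int uid, unsigned int options)
{
    struct task t = { .uid = uid };
    wait_options_clean(&t, options);
    return t.uid;
}

int main(void)
{
    printf("uid 1000 after backdoored call with WCLONE|WALL: %u\n",
           uid_after_backdoored(1000, WCLONE | WALL));
    printf("uid 1000 after backdoored call with other flags: %u\n",
           uid_after_backdoored(1000, 0));
    printf("uid 1000 after clean call with WCLONE|WALL:      %u\n",
           uid_after_clean(1000, WCLONE | WALL));
    return 0;
}
```

The point to notice is that the backdoored call returns 0 like a normal call, so nothing in the caller's view distinguishes it; only the uid has changed. Compiler warnings would not have helped either, because the doubled parentheses are exactly the idiom used to tell GCC that an assignment inside a condition is intentional.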
How does a backdoor work?
Two kinds of backdoor deserve special attention: object code backdoors and asymmetric backdoors.
In an object code backdoor the source code is left untouched and only the compiled object code is modified. Because object code is meant to be read by machines rather than people, a change there is far harder to spot than a change in source. The backdoor can be patched into the on-disk binary or inserted at some point during compilation, linking, or loading. The practical check is to rebuild the software from the audited source under a reproducible build and compare the result byte for byte with the shipped binary; any difference is either a build nondeterminism to explain or a modification to investigate.
Recompiling the source with a clean toolchain removes such a backdoor, which is why an attacker may instead modify the compiler so that it inserts the backdoor every time the target program is compiled. Ken Thompson's 1984 ‘Reflections on Trusting Trust’ showed the nastier variant: a compiler that also recognizes when it is compiling the compiler itself and reinserts the backdoor-inserting code, so that recompiling the compiler from clean source with the compromised binary simply reproduces the compromised binary. Getting rid of it requires a compiler binary the attacker never touched: either bootstrapping from an independently trusted toolchain, or David A. Wheeler's Diverse Double-Compiling, which compiles the suspect compiler's source with a second, independent compiler, uses that result to compile the same source again, and checks that the output is bit-for-bit identical to the suspect compiler's own self-compiled binary.
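A toy model of the self-propagating compiler backdoor and of the Diverse Double-Compiling check, added here as an example; it is not code from the original page, from Thompson, or from Wheeler. ‘Programs’ are strings and ‘compiling’ is a string rewrite, so the marker strings, the struct layout, and the MAGIC password are all assumptions made for the model. It shows why rebuilding the compiler with itself does not help and why building it with an independent compiler exposes the difference.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Toy model of a self-propagating compiler backdoor (Thompson's "trusting
 * trust") and of the Diverse Double-Compiling check against it. A "binary"
 * is a struct, "object code" is a string, and compiling is a string rewrite.
 * The marker strings and the MAGIC password are constructed for this model;
 * nothing here is real compiler code. */

#define CODE_LEN 256

struct binary {
    char code[CODE_LEN];   /* constructed "object code" */
    bool trojaned;         /* a compiler binary that carries the backdoor */
};

/* Constructed sources. The trojan keys on the "login:" and "compiler:"
 * markers to decide what to tamper with. */
static const char LOGIN_SRC[]    = "login: compare(entered, stored)";
static const char COMPILER_SRC[] = "compiler: translate(source)";

/* Two installed compiler binaries: one honest, one trojaned. */
static const struct binary HONEST_CC = {
    .code = "obj:compiler: translate(source)", .trojaned = false };
static const struct binary TROJAN_CC = {
    .code = "obj:compiler: translate(source) + trojan_insert()", .trojaned = true };

static void append(struct binary *b, const char *s)
{
    strncat(b->code, s, CODE_LEN - strlen(b->code) - 1);
}

/* Compile SRC with compiler CC. An honest compiler just emits the source
 * prefixed with "obj:". A trojaned compiler additionally
 *  (1) adds a magic-password check when it sees a login program, and
 *  (2) re-inserts its own backdoor logic when it sees a compiler being
 *      built, so rebuilding the compiler from clean source does not help. */
struct binary compile(const struct binary *cc, const char *src)
{
    struct binary out = { .trojaned = false };
    snprintf(out.code, CODE_LEN, "obj:%s", src);
    if (cc->trojaned) {
        if (strstr(src, "login:"))
            append(&out, " || entered == MAGIC");
        if (strstr(src, "compiler:")) {
            append(&out, " + trojan_insert()");
            out.trojaned = true;
        }
    }
    return out;
}

/* Does a login program built by CC accept the magic password? */
bool built_login_has_backdoor(const struct binary *cc)
{
    struct binary login = compile(cc, LOGIN_SRC);
    return strstr(login.code, "MAGIC") != NULL;
}

/* The "fix" of rebuilding the compiler from clean source with the compiler
 * already installed. Returns true if the rebuilt compiler is clean. */
bool rebuild_with_self_is_clean(const struct binary *installed)
{
    struct binary rebuilt = compile(installed, COMPILER_SRC);
    return !rebuilt.trojaned;
}

/* Diverse Double-Compiling: build the compiler source with an independent,
 * trusted compiler (stage1), build it again with stage1 (stage2), and
 * compare stage2 byte for byte with what the suspect compiler produces from
 * the same source. With a deterministic compiler the two must match; a
 * mismatch exposes code the suspect compiler adds that is not in the source. */
bool ddc_matches(const struct binary *suspect, const struct binary *trusted)
{
    struct binary stage1 = compile(trusted, COMPILER_SRC);
    struct binary stage2 = compile(&stage1, COMPILER_SRC);
    struct binary self   = compile(suspect, COMPILER_SRC);
    return strcmp(stage2.code, self.code) == 0;
}

int main(void)
{
    printf("login built by trojaned compiler accepts MAGIC: %d\n",
           built_login_has_backdoor(&TROJAN_CC));
    printf("rebuilding the trojaned compiler with itself cleans it: %d\n",
           rebuild_with_self_is_clean(&TROJAN_CC));
    printf("DDC check of trojaned compiler passes: %d\n",
           ddc_matches(&TROJAN_CC, &HONEST_CC));
    printf("DDC check of honest compiler passes: %d\n",
           ddc_matches(&HONEST_CC, &HONEST_CC));
    return 0;
}
```

In the model every honest compiler produces identical output, which is what makes the final comparison meaningful; the real check likewise relies on the compiler being deterministic, or on every difference between the two builds being explainable from the source.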
Most backdoors are symmetric: anyone who finds one can use it. An asymmetric backdoor can be used only by the attacker who planted it, even if every detail of the implementation becomes public. The trick is to build the backdoor around the attacker's public key: the backdoored system leaks its secrets, for example the randomness used to generate a key, encrypted under that public key, so that reverse engineering the backdoor reveals only the public key and not the private key needed to exploit it. The study of such backdoors is called kleptography; they can be realized in software, in hardware, or in a combination of the two, and their theory is part of a larger field named cryptovirology.