Suppose you have saved your password on your laptop. Anyone who has access to your laptop can then get unauthorized access to your account. That is a simple way of describing what a Backdoor is.
A Backdoor is a method for bypassing normal authentication in a system, thereby providing unauthorized remote access to the system to malicious users.
A Backdoor may be implemented as a hidden part of a program, as a separate program, or even in hardware.
To give an example, in 2003 a Backdoor was planted in the Linux kernel. In a conditional statement checking for root access permission, '==' was replaced with '='. As a result, it gave unauthorized access to malicious callers. More recently, in 2015, Juniper Networks warned about a malicious Backdoor in its firewalls that automatically decrypts VPN traffic.
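The effect of that one-character change, modelled in a small C program. This is an added illustration, not code from the original article or from the kernel; `struct caller`, the function names and the uid values are constructed for the example.

```c
#include <stdio.h>
#include <stdbool.h>

/* Hypothetical caller context (constructed for this example). */
struct caller {
    unsigned int uid;   /* 0 means root */
};

/* Flawed check modelled on the page's description: '==' replaced by '='.
 * The expression assigns 0 to uid and evaluates to 0 (false), so the
 * function reports "not root" while silently turning the caller into root. */
bool check_root_flawed(struct caller *c)
{
    if (c->uid = 0)          /* assignment, not comparison */
        return true;
    return false;
}

/* Correct check: a pure comparison with no side effect. */
bool check_root_fixed(const struct caller *c)
{
    return c->uid == 0;
}

/* A later privileged operation that trusts the stored uid. */
bool privileged_op_allowed(const struct caller *c)
{
    return c->uid == 0;
}

/* Runs one of the two checks against an unprivileged caller (uid 1000) and
 * reports whether the caller ended up passing the privileged operation. */
bool escalated_after_check(bool use_flawed)
{
    struct caller c = { .uid = 1000 };
    bool reported_root = use_flawed ? check_root_flawed(&c)
                                    : check_root_fixed(&c);
    (void)reported_root;     /* both variants report "not root" here */
    return privileged_op_allowed(&c);
}

int main(void)
{
    printf("flawed check: uid 1000 now passes privileged op? %s\n",
           escalated_after_check(true) ? "yes" : "no");
    printf("fixed check:  uid 1000 now passes privileged op? %s\n",
           escalated_after_check(false) ? "yes" : "no");
    return 0;
}
```

GCC with `-Wall` flags the flawed line ("suggest parentheses around assignment used as truth value"), so a build that keeps warnings visible, or turns them into errors, is a cheap check against this class of change.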
There are two types of Backdoors –
Object Code Backdoors and Asymmetric Backdoors.
In Object Code Backdoors, the software source code remains unchanged, but the object code is modified maliciously. Because object code is designed to be machine readable, such a Backdoor is much more difficult to detect. Backdoors of this type are inserted in the on-disk object code, or at some point during compilation, linking or loading.
Recompiling the software source code may get rid of such Backdoors. So malicious users sometimes change the compiler source code in such a way that, whenever it compiles, links and loads the source code, the Backdoor is inserted. These Backdoors can be fixed by recompiling the compiler after removing the code that inserts the Backdoor.
Normally, Backdoors are symmetric: anyone who finds the Backdoor can in turn use it. Asymmetric Backdoors, however, can be exploited only by the attacker who plants them, even if the Backdoor implementation becomes public. This type of attack is termed Kleptography, and it can be carried out in software, in hardware or in a combination of both. The theory of Asymmetric Backdoors is part of a larger field named Cryptovirology.
Countermeasures
- Once Backdoors are detected, rebuild a clean system and transfer data.
- Another method is to use Diverse Double Compiling (DDC). It requires a different compiler and the source code of the compiler to be tested. That source code, when compiled with two different compilers, results in two different stage-1 compilers showing the same behavior. Thus the same source code, compiled with the two stage-1 compilers, must result in two identical stage-2 compilers. This method was applied to verify that the C compiler of the GCC suite contained no trojan, using icc as the other compiler. Operating system vendors normally implement this type of method to make sure they are not distributing a compromised system.
This was an introductory article on
Backdoors. Hope you enjoyed it.