
Cisco To Audit Code In Wake Of Juniper Backdoor Announcement


In the wake of Juniper’s announcement that an internal code audit had uncovered two backdoors in the operating system used in its NetScreen firewalls, Cisco has announced that it is taking similar steps to audit its own code. This step is a preventative measure for Cisco and is not in response to a known weakness.

In a blog post by Anthony Grieco, Senior Director of the Security and Trust Organization within Cisco, the company explains that although its normal development practices should detect unauthorized code before it sneaks into its products, no process can eliminate all risk. The company will be conducting penetration testing and code reviews.

The company also says that there has been no indication that any code has been compromised, that the review was launched as a proactive effort in the wake of Juniper’s bulletin, and that it is not in response to any outside request.


It’s generally acknowledged by security experts that, given the level of sophistication of such attacks against companies like Cisco and Juniper, state agencies are likely responsible for the unauthorized code: the Chinese military, the US’s NSA or the UK’s GCHQ. The NSA had an operation exposed by Edward Snowden in which it intercepted Cisco products, mid-shipment, that were destined for other countries, to install backdoor code directly into those routers, firewalls, etc.

However, it may also be less sophisticated attackers (or governments) who are using existing backdoors. Matthew Green, a cryptographer and professor at Johns Hopkins University, has theorized that the Juniper VPN decryption vulnerability may have been the result of Juniper’s implementation of an altered version of the NSA’s backdoored Dual EC random number generator. As Green explains, encryption depends on unpredictable random number generators, and the Dual EC method that has been advised by the National Institute of Standards and Technology (NIST) since the early 2000s was discovered by researchers to include a (probably NSA-inserted) weakness that allowed an attacker to decrypt intercepted traffic.

Juniper utilizes Dual EC, but in a non-standard way so that the (NSA) backdoor was removed. However, researchers who decompiled Juniper’s firmware packages have compared the differences in the compromised code and found that the compromised sections altered the number generator so that anyone with knowledge of the affected code could again decrypt traffic.

In effect, the attackers used an existing (closed) door to open a new one for their own use.
