Backdoors at the Forefront Backdoors are once again thrust into the forefront with this weeks breaking

news that the NSA allegedly hacked Chinese router company Huaweis servers. Back in October 2012 the House Intelligence Committee accused Huawei, which claims to interconnect one third of the Internet, of embedding backdoors into routers and posing a national security threat. And thanks to another Edward Snowden bombshell, we now know that the NSA took their own measures to ensure perpetual access to Huawei routers. Government espionage is nothing new. Although both sides in the example above dismiss the claims, these recent developments confirm that the location of the battlefield is forever changed. Instead of bullets and bombs, the new intelligence war is being fought with almost imperceptible bursts of electricity. Reminds me of the classic AC/DC song Dirty Deeds Done Dirty Cheap, where they poetically proclaim that, For a fee Im happy to be your backdoor man. Now this song was written back in 1976, so I dont think Bon Scott and the boys had Back Orifice and NetBus in mind. Back in 1976 the Apple I personal computer was just being released, and Microsoft Windows 1.01 was still nine years in the future. The very notion of a backdoor into a computer system wasnt introduced into popular culture until the 1983 blockbuster movie WarGames, when computer hacker Matthew Broderick stumbles across a backdoor on a military computer system. Broderick successfully guesses the backdoor password Joshua, the name of the system programmers dead son. After gaining access to the military computer system Broderick almost unknowingly starts World War III. Back in 1983 the plot of WarGames seemed ridiculously farfetched, but was it really?

Wikipedia defines a backdoor as a method of bypassing normal authentication, securing illegal remote access to a computer, obtaining access to plaintext, and so on, while attempting to remain undetected. If backdoors are illegal, theyre surely confined to underground hackers, right? Sure, ever since the old days hackers certainly left backdoors on compromised systems. Maybe they even got fancy and implemented port-knocking servers to conceal backdoor Telnet or SSH services. But thats ancient history; backdoors are now a crucial tool within the realm of government and corporate espionage. Consider the recent RSA scandal. The NSA allegedly paid RSA $10 million to utilize a flawed pseudorandom number generator within their encryption products, effectively embedding a backdoor and allowing the NSA to compromise seemingly encrypted communications. From email messages to financial transactions to medical information, the security of RSA encrypted communications is now compromised. Government pressure was certainly a factor, but for a fee RSA was happy to be the NSAs backdoor man. However, the most shocking and appalling aspect of this story is that RSAs core business is security, unlike a networking or operating system company for which security is a necessary evil.

Backdoors are clearly nothing new. But now backdoors are all the rage. Consider a trip down only the past two years of Memory Lane:

In May 2012 Englands The Guardian revealed that a computer chip used in the Boeing 787 contains a backdoor that could allow attackers to remotely control the chip from the Internet. The chip in question is utilized in flight critical applications on board the 787. In addition, the chip is utilized within military, automotive, and medical devices. Furthermore, the backdoor cannot be removed as it is embedded directly into the silicon. Fantastic. In July 2013 The Guardian broke a story that Microsoft collaborated with the NSA in order to compromise encryption functionality embedded within Outlook.com, SkyDrive and Skype, allowing carte blanche access to seemingly encrypted email messages, cloud storage, and video calls. Microsoft argued that they were legally compelled to comply with NSA Prism initiatives. In December 2013 Germanys Spiegel Online revealed that the NSA developed a 50-page catalog of backdoors for a wide range of technology components including Western Digital hard drives, Dell servers, Juniper routers, and Cisco firewalls. In addition, the catalog included techniques to compromise iPhones. Do you know anybody with one of those? According to the report, the NSA can read contact lists and SMS messages, remotely activate the camera and microphone, and even pinpoint the phones geographic location. As an aside, isnt it interesting that these major revelations are all coming from foreign media outlets? Could a gag order be in effect stateside? Speaking of foreign countries, by no means does the United States own a monopoly on backdoors. A former Pentagon analyst estimated that China controls backdoors into a whopping 80% of telecommunications traffic. ZTE Corporation and the aforementioned Huawei are believed to be responsible for creating this colossal espionage mechanism. In addition, zero-day exploits are a booming business all over the world. And of course backdoors arent reserved for the government sector. To quote another classic AC/DC song, Come on, come on, listen to the money talk! Malicious attackers sell access to botnets of compromised end-user computer systems for serious coin. Who knows, the device on which youre reading this very blog post might already belong to a botnet. In addition, for a markup of several hundred dollars mSpy sells Android and iPhone devices with pre-installed backdoor functionality. To mention just of few of the privacy invasive features, the mSpy backdoor functionality allows you to read SMS and email messages, view pictures and videos, record telephone conversations, pinpoint GPS locations, and log keystrokes. As the site shamelessly advertises, are you afraid that your sons greasy haired buddies are troubled teens that will punch his one way ticket to Stonerville? Then fork over $1,149 and invade his privacy with a loaded mSpy iPhone5S! Afraid that your significant other has cupcakes on the side? Then fork over $769 for an mSpy Nexus 5! Of course, mSpy does not

endorse the use of our software for any illegal purposes. And of course all sales are final. No, this whole racket doesnt seem shady at all. Not one bit.

As you can see, backdoors are a red hot commodity in todays evolving information security landscape. Whether national governments or billion dollar corporations, backdoors are no longer reserved for the realm of nerdy hackers munching on Cheetos and guzzling Mountain Dew in front of their keyboard all night. And one thing is certain, for a fee hardware manufacturers, software vendors, and zero-day exploit writers are willing to be your backdoor man. However, the dirty deeds wont be done dirt cheap; backdoors are a thriving and immensely profitable business.