Photo by Ariel on Unsplash

The Art of the Backdoor

Do you ever worry that your locksmith may take a copy of your key when they fit a new lock? Or that your locksmith has defined a lock which they know they have a skeleton key for? Or that your locksmith modifies the lock so that they can compromise it?

And so we trust those that create locks to design them so that they cannot be broken easily, and that lock standard agencies around the world to set standards that promote good lock design, and, most of all, that locksmiths can be trusted to fit them without compromising them (and in giving us good advice).

Introduction

Computer security is a serious business, but you must smile a little when you see the lengths that some intruders will go to in order to compromise systems. Organisations such as the NSA have long been accused of applying backdoors into cryptography software, but the recent Apple login hack shows that there are lots of opportunities for others to get in on the act. The addition of a backdoor in the Apple compiler showcased the opportunity for large-scale compromises.

Overall there are a number of ways that a backdoor can be added to a piece of software:

  • Escrow. In encrypted communications, one method is to keep of copy of the encryption key that could be used at some time in the future. Details [here].
  • Defining a standard that you know you can crack. The NSA and law enforcement agencies around the world have been accused of helping to define a standard and setting various parameters, and they know they have the methods to crack them.
  • Source code addition backdoor. This is the typical way that an intruder would add a backdoor, and where the additional code is added which will perform a task that allows the source code writer back into the system. Normally the code is added by the writer, but then an intruder finds out the backdoor and can exploit it.
  • Injected code backdoor. With these, packages such as Metasploit insert some additional code into the application, and which allows it to work the same, but creates a backdoor connection. Normally this is a call-out method, where the program calls-out to the malware writer.
  • Compiler backdoor. This is the best method for going undetected, and where the compiler, itself, adds the additional code to every program which uses the compiler. In terms of a mass exploit, the compiler backdoor will have the greatest scope as it will exploit a wide range of applications. The executable will also be signed to verify that it is a valid application.
  • Vulnerability and XSS exploit. This involves compromising a system in order to create a backdoor, typically injecting code into a running application which causes the system to open-up a backdoor connection.

The open-up of a network connection will obviously be detected on the system, but code writers have implemented a number of smart ways to cover this up, including passing secret passphrases for passwords, or with port knocking, where network packets are sent to a well-known open port, which then causes another port to open.

A. Defining a standard you know you can crack

The possible backdoor in Dual EC DRBG has been known about since 2004, and the team who worked on it had the chance to plug the gap but failed too. It thus allows law enforcement agencies to crack SSL/TLS encrypted traffic which used the method for random number generation. It was thus assumed that no-one would use the method, but, in Juniper’s case, it has been found in some of their devices.

In 2013, Edward Snowden showed NSA memos which indicated that the NSA had been the sole editor of the standard, whereas NIST responded that it did not deliberately weaken any cryptography standard. The following year, NIST recommended that companies stop using it, and withdrew it from its draft guidance on random number generation. In 2013, also, OpenSSL was found to be implementing the method, and which allowed TLS/SSL connections to be decrypted.

The back door in the standard for Elliptic Curve method for Dual_EC_DRBY caused a great deal of suspicion on the definition of NIST’s P curve standards, and that they had selected them so they could have an advantage in breaking the public keys. Most of the industry has moved away from the P standards (such as P-256) and towards Curve25519 (which is shown in the graphic on the right-hand side and which was created by Daniel J Bernstein), and now used by Tor, Signal, What’s App, Facebook, OpenSSH, and many other standards. In 2013, Bruce Scheiner stated that he didn’t trust the values selected:

I no longer trust the constants. I believe the NSA has manipulated them through their relationships with industry

I have plotted some of the standard Elliptic Curve parameters [here].

B. Source code additional back door

A classic backdoor was added to an FTP server (vsftp), and which has an intentional backdoor within the version running on it. The back door is exploited with the username ending with:

“:)”

and then the server listens on port 6200 and awaits a connection:

root@ubuntu:~# telnet 1.2.3.4 21Trying https://www.linkedin.com/redir/invalid-link-page?url=192%2e168%2e99%2e131...Connected to https://www.linkedin.com/redir/invalid-link-page?url=10%2e200%2e0%2e1.Escape character is '^]'.220 (vsFTPd 2.3.4)user mybackdoor:)331 Please specify the password.pass none ^]telnet> quitConnection closed.telnet 1.2.3.4 6200Trying https://www.linkedin.com/redir/invalid-link-page?url=10%2e200%2e0%2e1...Connected to https://www.linkedin.com/redir/invalid-link-page?url=10%2e200%2e0%2e1.Escape character is '^]'.id;uid=0(root) gid=0(root)

The UnrealRCD IRC daemon runs on port 6667. The version on Metasploitable has a backdoor where the user sends “AB”, and then follows it with a system command on a listening port (see demo above).

Intentional backdoors

One company — Crypto AG, a Swiss cryptography company who make encryption machines — has been accused of modifying their software in collusion with intelligence agencies from Germany (BND), the UK (GCHQ) and US (NSA). This was highlighted, in 1986, when Ronald Regan announced that the US had intercepted encrypted diplomatic communications between Tripoli and Libyan embassy in East Berlin, related to a bombing in Berlin. In 1992, the Iranian government even arrested Hans Buehler, a salesman for the company, but who was released in 1993 without revealing any flaws in the machines (and after $1 million bail money was paid).

Crypto AG soon after dismissed Hans, and requested he paid back the $1m. Since then Der Spiegel has interviewed former employees and concluded that the machine was indeed rigged. Even after several other investigations, there is still no conclusive proof of the rigging, but some suspect that the relationship with defence agencies goes back to 1954.

Juniper backdoor

With backdoors in cryptography being a hot topic, Juniper revealed that it had traced “unauthorized” code within its ScreenOS operating system on some of its firewalls, and which allowed an intruder to take complete control of Juniper’s NetScreen firewalls using a hard-wired password. This would allow them to decrypt all the encrypted traffic for VPN connections. There is a patch for this, but intruders can now determine the required password — which has been hard-wired into the code — by examining the ARM code used in the backdoor:

The strange thing is that the password is “<<< .” and looks like standard C++ compiled code. It is a bit like adding:

password = "let a = b + 1"

The following is a sample login:

$ ssh system@192.168.1.1Password: <<< %s(un='%s') = %u

Analysts have already managed to identify the password in just six hours. Overall the logs would just show that there was a successful login with “system”:

In 2013, Der Spiegel outlined the FEEDTHROUGH method which maintained a backdoor onto Juniper firewalls. This approach was different to the methods outlined in the latest backdoors, as it was a post-compromise.

C. Injected code backdoor

This method is normally detected by virus scanners as it often adds a standard piece of code which can be detected on a system. When downloading standard programs, it is often important to take the hash signature of the application, in order to determine if it had been modified.

D. Vulnerability and XSS exploit

E. Compiler injection backdoor

Background

Console.WriteLine("Hello")

could be compiled to perform the machine code equivalent of:

Console.WriteLine("Hello")TcpSocket(9999);

which might open-up a network port (9999) which could be connected to. In this way when the app was uploaded onto a site, it would look as it was a valid compile. It thus means that good applications will be infected in the same way as bad apps, and will be signed by a trusted certificate.

XcodeGhost

The malware itself is able to show phishing pages which are used to steal user credentials, and it does seem surprising that Apple allowed more than three dozen backdoored apps to be hosted on the App Store, including WeChat, Didi Kuaidi (a similar app to Uber for car-hailing), and NetEase Inc (a Spotify-like music app).

Normally a program is produced and then signed with the private key of the developer, which verifies that it has come from a trusted source (a public key then verifies that the code has come from a trusted source and also that it has not been modified — known as code signing with a strong key). So, in the case of XcodeGhost, valid developers will produce signed apps but where they have a backdoor added in the executable program.

Conclusion

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles…

Prof Bill Buchanan OBE

Written by

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

Prof Bill Buchanan OBE

Written by

Professor of Cryptography. Serial innovator. Believer in fairness, justice & freedom. EU Citizen. Auld Reekie native. Old World Breaker. New World Creator.

ASecuritySite: When Bob Met Alice

This publication brings together interesting articles related to cyber security.

Medium is an open platform where 170 million readers come to find insightful and dynamic thinking. Here, expert and undiscovered voices alike dive into the heart of any topic and bring new ideas to the surface. Learn more

Follow the writers, publications, and topics that matter to you, and you’ll see them on your homepage and in your inbox. Explore

If you have a story to tell, knowledge to share, or a perspective to offer — welcome home. It’s easy and free to post your thinking on any topic. Write on Medium

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store