Juniper Networks finds backdoor code in its firewalls

A 'knowledgeable attacker' could have been using this to spy on VPN traffic for years.
Richard Lawler, @Rjcc
December 17, 2015

One of the reasons corporate users and the privacy-minded rely on VPNs is to control access to their networks and (hopefully) not expose secrets over insecure connections. Today Juniper Networks revealed that some of its products may not have been living up to that standard, after discovering "unauthorized code" in the software that runs on its NetScreen firewalls during a code review. Pointed out by security researcher "The Grugq," the backdoor has been present since late 2012 and can only be fixed by upgrading to a new version of software just released today.

The pair of issues that created the backdoor would allow anyone who knows about it to remotely log in to the firewall as an administrator, decrypt and spy on supposedly secure traffic, and then remove any trace of their activity. Obviously this is a Very Bad Thing, although Juniper claims it has not heard of any exploitation in the wild (which would be difficult, since no one knew it existed and attackers could hide their traces) so far.

Beyond sending IT people sprinting to patch and test their setups, now we can all speculate about which friendly group of state-sponsored attackers is responsible. US government officials have recently been pushing for mandated backdoor access to secure networks and services, but the Edward Snowden saga made clear that even our own country's personnel aren't always going to ask permission before snooping on any information they want to check out. I contacted Juniper Networks regarding the issue, but have not received a response at this time.

Update: A Juniper Networks spokesperson told us:

During a recent internal code review, Juniper discovered unauthorized code in ScreenOS® that could allow a knowledgeable attacker to gain administrative access and, if they could monitor VPN traffic, to decrypt that traffic. Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices. We also reached out to affected customers, strongly recommending that they update their systems and apply the patched releases with the highest priority.

The patched releases also address an SSH bug in ScreenOS that could allow an attacker to conduct DoS attacks against ScreenOS devices. These two issues are independent of each other.

More information on these issues and the fix can be found in our JSAs available here: http://advisory.juniper.net

[Image credit: Shutterstock]
