Backdoor

from Wikipedia, the free encyclopedia

A backdoor (also known as a trapdoor or back door) refers to a piece of software (often built in by the author) that enables users to gain access to the computer, or to another protected function of a computer program, by bypassing normal access protection.

Examples are universal passwords for a BIOS, or special software (usually secretly installed by a Trojan horse) that enables remote access to the computer.

Difference between backdoor and trojan

A Trojan horse, or Trojan for short, is a computer program or script that disguises itself as a useful application, but performs a different function in the background without the knowledge of the user. The simplest example of this is a malicious program that deletes the user's files, but whose file name suggests another function, such as lustiger_Bildschirmschoner.exe. It does not matter whether the "funny screen saver" actually displays a screen saver while it is destroying the data, or whether it is simply destroying the data. The use of the misleading file name is sufficient to classify the program as a Trojan horse.

Trojans can also be used to install backdoor programs, but do not necessarily have to contain them. If a Trojan harbors and installs its own backdoor program, the intruder will access the installed backdoor program and not the Trojan. In this case, the Trojan was only used as an auxiliary program for the secret installation. The Trojan can then be deleted at any time without this affecting the further functioning of the backdoor program.

However, nobody prevents the developer of a backdoor program from using the technology of a Trojan. A backdoor program that disguises itself as a useful application (for example as a desktop clock that secretly allows remote access to the computer) is a hybrid between a backdoor and a Trojan. If such a program is terminated or even deleted, the secret backdoor function is no longer available.

Examples

One variant is hard-coded passwords that are known only to the creator of the system, or other hidden functions that allow access without the usual authentication. A well-known example of this is the hash code assigned by Award Software over several years, which is operated with the BIOS universal password "lkwpeter".

Software that enables remote access to the computer includes, for example, programs such as Sub Seven and Back Orifice.

In 1999 a variable called NSAKEY was found in Windows and a backdoor was also suspected.

The routers from Cisco Systems, which handle large parts of the Internet traffic, are also provided with backdoors for US secret services.

The use of a back door was shown to the general public in films such as WarGames and Jurassic Park.

Protection against a backdoor through verifiability of the source code

In the case of software products, free access to their source code is an aspect of computer security. Among other things, it matters for minimizing the risk that a product contains functionality the user is not meant to know about, such as the secret function of a backdoor.

Open-source software can be checked by the public to this effect and, in addition, examined for weaknesses using legally unobjectionable means, which can then be closed more quickly.

Limits

Open-source software can be examined for secret functionality and weak points by anyone with the appropriate expertise, but the mere availability of the source code is no guarantee that it has been adequately checked by its users. Long-standing security vulnerabilities in open-source software illustrate this. In addition, a cleverly built back door is sometimes difficult to recognize, even with well-founded specialist knowledge. The time required for an analysis is often considerable with complex programs.

It is often difficult for the user to tell whether an executable program obtained from an external source was actually built from the published source code, or whether a back door was added or some other change made beforehand. Here, too, with the appropriate expertise this can be checked, at least in theory. In practice, however, this often turns out to be difficult, since the binary files created during compilation can be influenced by many factors, especially with larger code bases, and there is generally no reliable way of finding out under which conditions an existing executable file was created.

One way to secure this compilation step is to create reproducible builds. The software is compiled in a reproducible, or deterministic, way, so that anyone can check, by compiling it themselves, that the distributed binary was built from the corresponding source code and that no backdoor was introduced during the build process.
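The check described in the two paragraphs above, as an added example that is not part of the original article: it packages a constructed file tree to show how build time, user name and file order change the resulting archive, and how pinning them lets independent rebuilders confirm a published release by hash. The file contents, the `SOURCE_DATE_EPOCH` value and the `package`, `digest` and `verify` helpers are assumptions made for illustration.

```python
import gzip, hashlib, io, tarfile

# Constructed sample build output (file name -> contents); not a real program.
TREE = {"doc/README": b"demo\n", "bin/login": b"constructed sample binary"}
SOURCE_DATE_EPOCH = 1_700_000_000  # timestamp all rebuilders agree on (assumed value)

def package(tree, build_time, user, reproducible):
    """Pack `tree` into a .tar.gz and return the archive bytes."""
    names = sorted(tree) if reproducible else list(tree)   # pin the file order
    stamp = SOURCE_DATE_EPOCH if reproducible else build_time
    raw = io.BytesIO()
    with tarfile.open(fileobj=raw, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = len(tree[name])
            info.mtime = stamp                             # pin file timestamps
            info.uname = "" if reproducible else user      # drop builder identity
            tar.addfile(info, io.BytesIO(tree[name]))
    # gzip writes its own timestamp into the header, so pin that as well.
    return gzip.compress(raw.getvalue(), mtime=stamp)

def digest(blob):
    return hashlib.sha256(blob).hexdigest()

def verify(published, rebuilds, quorum=2):
    """True if at least `quorum` independent rebuilds are bit-identical to `published`."""
    return sum(digest(r) == digest(published) for r in rebuilds) >= quorum

def demo():
    shuffled = dict(reversed(list(TREE.items())))  # same files, different order
    # Ordinary builds of the same source on two machines.
    plain = [package(TREE, 1_700_000_111, "alice", False),
             package(shuffled, 1_700_009_999, "bob", False)]
    # Reproducible builds of the same source on the same two machines.
    repro = [package(TREE, 1_700_000_111, "alice", True),
             package(shuffled, 1_700_009_999, "bob", True)]
    release = package(TREE, 1_700_005_000, "vendor", True)
    # Constructed altered release: the binary is not what the source produces.
    altered = package({**TREE, "bin/login": b"constructed sample binary + extra"},
                      1_700_005_000, "vendor", True)
    return {
        "plain_identical": digest(plain[0]) == digest(plain[1]),
        "repro_identical": digest(repro[0]) == digest(repro[1]),
        "release_verified": verify(release, repro),
        "altered_verified": verify(altered, repro),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

A matching hash only shows that the binary corresponds to the source; it says nothing about whether the source itself, or the compiler used by every rebuilder, is free of a back door.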

In 1984, during his Turing Award speech, computer pioneer Ken Thompson presented an example of a back door that would be difficult to track down even with the source code available. The example concerned a login program for Unix that is changed in such a way that it also accepts a general password in addition to the normal password. According to Thompson, an appropriately engineered C compiler can add this backdoor automatically when compiling the login program, so that the source code of the login program provides no evidence of tampering. The procedure could be shifted to another instance, which is responsible for translating the C compiler itself into an executable file, so that the manipulation would then no longer even be apparent from the source code of the C compiler.

