Juniper Finds ‘Unauthorized Code’ in Firewall, VPN OS

23 Dec 2015

Firewall Breached – Juniper Releases Fix Patches.

Juniper, a major manufacturer of networking equipment, said on Thursday it found spying code planted in certain models of its firewalls, an alarming discovery that has echoes of state-sponsored tampering.

The company has released a patch for the vulnerability for NetScreen devices, but given there’s no way to detect the attack and Juniper only just realized this code exists, it’s a big ask for customers to trust that there isn’t other code it doesn’t know about as well. That’s the question everyone’s asking after the company disclosed that someone inserted code into the operating system of its NetScreen firewall and virtual private network products that would give an attacker the ability to capture and decrypt connections that are supposed to be secure.

The affected products are those running ScreenOS, one of Juniper’s operating systems that runs on a range of appliances that act as firewalls and enable VPNs. Juniper also noted in its statement that the company has already reached out to affected customers, strongly recommending that they update their systems and apply the patched releases with the highest priority. Someone, somehow, inserted the renegade code, essentially creating a secret back door into Juniper’s products — a back door that only someone in the know would be able to use.

Juniper has not revealed how the “unauthorized code” came to be in its ScreenOS source code, but given that nine years have passed, it will be hard to track down the culprit if the company’s developers did not employ a VCS (version control system). Although log files would reflect a login attempt, “a skilled attacker would likely remove these entries from the log file, thus effectively eliminating any reliable signature that the device had been compromised,” Juniper wrote. VPNs are encrypted connections between a user and another computer and are often used by companies to allow secure remote access to their systems for employees who are traveling. Interestingly, the compromise of Juniper’s software by malicious code inserted explicitly for spying purposes echoes the tactics described by whistleblower Edward Snowden in documents leaked to the press in 2013.

A report in German publication Der Spiegel said that the NSA has used persistent malware to burrow into Juniper’s firewalls and install NSA programs into the firm’s computers. If they don’t know who this was, then they have lost control of the integrity of their OS.” Wysopal’s observation pretty much gets to the heart of the matter. If Juniper doesn’t have a record of who changed its code, then how can it know that its code isn’t being changed by unauthorized parties all the time?

The company says in its disclosure that four versions of ScreenOS are affected and require updates with patched versions of the software issued yesterday. It’s described in a catalog of devices and software used by an NSA division called ANT as a “persistence technique for two software implants … used against Juniper Netscreen Firewalls.” Juniper’s disclosures describe two bits of inserted code.
