Juniper Says It Didn’t Work With Government To Add ‘Unauthorized Code’ To …

23 Dec 2015

Juniper Finds Backdoor In NetScreen Firewalls, Possibly Already Exposed By NSA Whistleblower In 2013.

Juniper, a major manufacturer of networking equipment, said on Thursday it found spying code planted in certain models of its firewalls, an alarming discovery that echoes state-sponsored tampering. Customers of Juniper Networks have been urged to patch a flaw in the company’s NetScreen firewall that could enable hackers to eavesdrop on VPN connections. Juniper Networks announced that its ScreenOS operating system, which is used to manage NetScreen firewalls sold by the company, was found to contain “unauthorized code” (a backdoor) that would give an attacker complete control over the system, as well as the capability to decrypt VPN connections undetected.

Juniper Networks is warning customers to patch their NetScreen enterprise firewalls against bad code that enables attackers to take over the machines and decrypt VPN traffic among corporate sites and with mobile employees. The affected products are those running ScreenOS, one of Juniper’s operating systems that runs on a range of appliances that act as firewalls and enable VPNs.

The firm said it discovered the problem during a “recent code review”, although Juniper did not say how the backdoor occurred or how long it had been present. Systems such as SWIFT (Society for Worldwide Interbank Financial Telecommunication), which allow banks to exchange financial transaction information with each other, are protected by NetScreen firewalls. He added that the firm had not received any reports of these vulnerabilities being exploited. “However, we strongly recommend that customers update their systems and apply the patched releases with the highest priority.” The security advisory described how a hacker could gain unauthorised remote administrative access to the device over SSH or telnet. “Exploitation of this vulnerability can lead to complete compromise of the affected system,” the advisory stated. “Upon exploitation of this vulnerability, the log file would contain an entry that ‘system’ had logged on followed by password authentication for a username.” The advisory noted that a skilled attacker would likely remove these entries from the log file, thus effectively eliminating any reliable signature that the device had been compromised.

Juniper said that the NetScreen firewalls running ScreenOS 6.2.0r15 through 6.2.0r18, and 6.3.0r12 through 6.3.0r20, have been impacted by the malware, and they require immediate patching. VPNs are encrypted connections between a user and another computer and are often used by companies to allow secure remote access to their systems for employees who are traveling.
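The version ranges above can be turned into an inventory triage check. This is an added example, not code from Juniper or from the original article; the hostnames and inventory are constructed, and the assumption is that each device reports a version string of the form `6.3.0r17`, optionally prefixed with `ScreenOS`.

```python
import re

# Affected ranges exactly as stated in the article (revision bounds inclusive).
AFFECTED = [((6, 2, 0), 15, 18), ((6, 3, 0), 12, 20)]

# Assumed version string shape: "<major>.<minor>.<patch>r<revision>[suffix]"
_VERSION = re.compile(r"^\s*(?:ScreenOS\s+)?(\d+)\.(\d+)\.(\d+)r(\d+)(\S*)\s*$", re.I)

def classify(version_text):
    """Return 'affected', 'not-listed' or 'review' for one version string."""
    m = _VERSION.match(version_text)
    if not m:
        return "review"          # unparseable: a human has to look at it
    major, minor, patch, rev = (int(g) for g in m.groups()[:4])
    if m.group(5):
        # A trailing suffix (e.g. "r12b") is not covered by the article's
        # list, so do not guess: check it against the vendor advisory.
        return "review"
    for train, low, high in AFFECTED:
        if (major, minor, patch) == train and low <= rev <= high:
            return "affected"
    # Outside the ranges the article lists; this is not a statement that
    # the build is free of other issues.
    return "not-listed"

def triage(inventory):
    """Group hostnames by classification, preserving input order."""
    result = {"affected": [], "not-listed": [], "review": []}
    for host, version_text in inventory:
        result[classify(version_text)].append(host)
    return result

# Constructed sample inventory (hostnames and versions are illustrative).
INVENTORY = [
    ("fw-edge-01", "6.3.0r17"),
    ("fw-edge-02", "ScreenOS 6.2.0r14"),
    ("fw-branch-07", "6.2.0r18"),
    ("fw-lab-03", "6.3.0r21"),
    ("fw-dc-02", "6.3.0r12b"),
    ("fw-old-09", "firmware n/a"),
]

if __name__ == "__main__":
    for label, hosts in triage(INVENTORY).items():
        print(f"{label}: {', '.join(hosts) or '-'}")
```

Devices in the `review` bucket should be checked by hand against the vendor advisory rather than assumed to be in either of the other groups.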

The malware in question sounds quite similar to the NSA backdoor uncovered in classified NSA documents sent to Der Spiegel two years ago by an unnamed whistleblower (possibly not Snowden): “In the case of Juniper, the name of this particular digital lock pick is ‘FEEDTROUGH.’ This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers. Thanks to FEEDTROUGH, these implants can, by design, even survive ‘across reboots and software upgrades.’ In this way, U.S. government spies can secure themselves a permanent presence in computer networks.”

The compromise of such a prominent vendor with code specifically designed for spying echoes operations by the NSA described in documents leaked in 2013 by former contractor Edward Snowden. If it is the same backdoor, then Juniper will have to say why it has waited two years before investigating the information from Der Spiegel’s documents and potentially finding this vulnerability much earlier.

We’ve contacted Juniper Networks for a response, and this was the reply: During a recent internal code review, Juniper discovered unauthorized code in ScreenOS® that could allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic. It is independent of the first issue. “There is no way to detect that this vulnerability was exploited.” How did this bad code get into ScreenOS? Juniper hasn’t said. Some point to documents stolen by Edward Snowden that say the NSA had hardware and software that targeted NetScreen devices and could persist through reboots and upgrades.
