Backdoor
- This article is about hidden backdoors into computer systems. For other uses, see Backdoor (disambiguation).
A backdoor in a computer system (or a cryptosystem, or even in an algorithm) is a method of bypassing normal authentication or obtaining remote access to a computer, while intended to remain hidden to casual inspection. The backdoor may take the form of an installed program (e.g., Back Orifice) or could be a modification to a legitimate program.
A backdoor in a login system could take the form of a hard-coded user and password combination which gives access to the system. A famous example of this was used as a plot device in the 1983 film WarGames, wherein the designer of a computer system (the 'WOPR') had inserted an undocumented password (named after his son) which gave the user access to the system and to undocumented aspects of its behavior (a video-game-like simulation mode).
An attempt to plant a backdoor in the Linux kernel, exposed in November 2003, showed how subtle such a code change could be. In this case a two-line change took the form of an apparent typographical error, which in practice gave the caller of the sys_wait4 function root access to the machine (see the external link below).
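As an added illustration (not part of the original article), a small source checker that flags the pattern the change above relied on: an assignment written inside an if/while condition where a comparison was expected. The C sample it scans is constructed for this example and only loosely modelled on the described change; it is not the kernel's code.

```python
import re

# A lone '=' that is not part of ==, !=, <=, >= : an assignment, not a comparison.
_ASSIGN = re.compile(r"(?<![=!<>])=(?!=)")
_STRING = re.compile(r'"(?:\\.|[^"\\])*"')

def _condition_at(src, open_paren):
    """Return the text of the parenthesised condition that starts at src[open_paren]."""
    depth = 0
    for i in range(open_paren, len(src)):
        if src[i] == "(":
            depth += 1
        elif src[i] == ")":
            depth -= 1
            if depth == 0:
                return src[open_paren + 1:i]
    return src[open_paren + 1:]  # unbalanced input: take the rest

def find_assignments_in_conditions(src):
    """Return [(line_number, condition), ...] for every if/while whose condition
    contains an assignment. Extra parentheses around the assignment, which silence
    gcc's -Wparentheses warning, do not hide it from this check."""
    hits = []
    for m in re.finditer(r"\b(?:if|while)\s*\(", src):
        cond = _condition_at(src, m.end() - 1)
        if _ASSIGN.search(_STRING.sub('""', cond)):  # ignore '=' inside string literals
            line = src.count("\n", 0, m.start()) + 1
            hits.append((line, " ".join(cond.split())))
    return hits

# Constructed sample (hypothetical), loosely modelled on the 2003 sys_wait4 change:
# the second condition assigns 0 to the caller's uid instead of comparing it.
SAMPLE_C = """\
long sys_wait4(pid_t pid, int *stat_addr, int options, struct rusage *ru)
{
    if (options & ~(WNOHANG|WUNTRACED|__WNOTHREAD|__WCLONE|__WALL))
        return -EINVAL;
    if ((options == (__WCLONE|__WALL)) && (current->uid = 0))
        return -EINVAL;
    return do_wait(pid, options, stat_addr, ru);
}
"""

if __name__ == "__main__":
    for line, cond in find_assignments_in_conditions(SAMPLE_C):
        print(f"line {line}: assignment inside condition: {cond}")
```

The check is a review aid, not a proof of intent: it also reports the legitimate C idiom `while ((c = getchar()) != EOF)`, so each hit needs a human reader.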
The prevalence of backdoors in proprietary software systems (those supplied without source code that can be inspected) is a topic of speculation, but they have been occasionally exposed in practice. Programmers have succeeded in secretly installing even large amounts of code as Easter eggs in programs without detection, though in these cases there may be official forbearance if not permission.
It is also possible to create a backdoor without modifying the source code of a program, or even modifying the program after compilation. This can be done by rewriting the compiler so that it recognizes code during compilation that triggers inclusion of a backdoor in the compiled output. When the compromised compiler finds such code, it compiles it as normal, but also inserts a backdoor (perhaps a password recognition routine). So, when a user supplies the recognized password, they gain access to some (likely undocumented) aspect of program operation. This attack was first outlined by Ken Thompson in his famous paper Reflections on Trusting Trust.
Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running insecure versions of Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk email from the infected machines.
The classic "Trusting Trust" backdoor
"Trusting Trust" was the first major paper to describe black box backdoor issues, and point out that trust is relative. It described a very clever classic backdoor mechanism based upon the fact that people only review source (human written) code, and not compiled (machine) code. A program called a compiler is used to create the second from the first, and it is trusted to do an honest job.
This paper therefore described how a modified version of the UNIX C compiler could be told specifically to:
- Put an invisible backdoor in the Unix login command when compiled, and as a twist
- Also add this feature undetectably to future compiler versions upon their compilation as well.
Because the compiler itself was a compiled program, this extra functionality would never be noticed, and likewise would not be noticed in software created by it. (This version was never released into the wild.)
External links
- Reflections on Trusting Trust (http://www.acm.org/classics/sep95/)
- linux-kernel post regarding sys_wait4 backdoor (http://www.ussg.iu.edu/hypermail/linux/kernel/0311.0/0635.html); 5 November 2003; Larry McVoy
- Thwarted Linux backdoor hints at smarter hacks (http://www.securityfocus.com/news/7388); Kevin Poulsen; 6 November 2003; SecurityFocus
- Tiny SHell, a portable UNIX backdoor with AES encryption (http://www.cr0.net:8040/code/network/)
- Backdoors removal (http://www.2-spyware.com/backdoors-removal) — List of backdoors and their removal instructions.