Backdoor

In cybersecurity, a backdoor is a means of bypassing normal security controls to gain privileged access to a computer system, network, or software application. Backdoors are used both by authorized users and by unauthorized ones (hackers and nation states). Unauthorized users who discover a backdoor (or, in some cases, have it planted there to begin with) can steal sensitive data, install additional malware, and hijack devices. When backdoors are not already built into a device by the manufacturer, they are installed by cyber criminals through phishing or social engineering tactics that convince employees to download and install backdoor malware onto their computers.

Backdoors can also be inserted by hardware manufacturers as a deliberate means of gaining access to their technology once it is deployed. This can be used benignly, to assist customers who are locked out of devices or to troubleshoot software issues that arise. It can also be used maliciously by nation states. The articles listed below cover allegations that both Cisco (a US company) and Huawei (a Chinese company) built backdoors into their hardware products.

Most troubling of all, recent disclosures by Edward Snowden revealed that the NSA may have built a backdoor into Elliptic Curve Cryptography, essentially undermining the confidence and trust placed in our encryption algorithms. These backdoors allegedly allowed the NSA to spy on encrypted communications around the world.

Source: Malwarebytes, CyberHoot

Additional Reading:

Sinister Secret Backdoor Found in Cisco Equipment (2019-05-02)

Backdoors Keep Appearing in Cisco Devices (2018-07-19)

5G Huawei Equipment Banned Because US Knows How Tempting Backdoors Can Be

US finds Huawei has backdoor access to its 5G Networks

What does this mean for an SMB?

The hard part about defending against this threat is that the manufacturer may not be aware of a backdoor that results from a vulnerability in their hardware or software. Other times, they are forced to place the backdoor there by the nation state within which they operate. This may make you feel uneasy as an SMB owner, but there are some practices that can protect you from some of these types of backdoors:
  1. Monitor network activity. There are often unusual data spikes when an attacker is gaining access to your system through a backdoor. A firewall can track the inbound and outbound activity of the applications installed on your devices.
  2. Install applications and plugins only from reputable sources. Hackers will often hide backdoors within free applications or web browser plugins, so make sure installs come from a reputable source. An easy way to ensure employees aren’t accidentally installing malware is to limit administrator rights.
  3. Use a password manager with complex passwords or passphrases of 14+ characters. Weak and simple passwords can open an unintentional backdoor for attackers.
  4. Enable two-factor authentication wherever possible.
  5. Block all remote access into your network at your firewall if it is not needed.
Ultimately, if a nation state wants into your network, they will likely gain such access. The above measures, along with training and governance policies, should help your SMB stay safe from everyone else trying to break in.

NSA Backdoor? Yes.

Huawei Backdoor? Yes.
