Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The Juniper VPN backdoor: buggy code with a dose of shady NSA crypto

Lucian Constantin | Dec. 23, 2015
Or, how one backdoor was actually two

Juniper did not immediately respond to a request for comment.

According to Green, even if Juniper did not intentionally introduced this vulnerability, it is a great example of what could happen if law enforcement authorities in the U.S. get their way and force vendors to backdoor their encryption implementations so that communications can later be lawfully intercepted.

"The problem with cryptographic backdoors is not that they're the only way that an attacker can break intro our cryptographic systems," Green said. "It's merely that they're one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes."

"What this vulnerability tells us is that these concerns are no longer theoretical," he said. "If encryption backdoors are indeed in our future, then all of our jobs just got harder."

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.