Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

The 7 security backdoors that helped kill faith in security

John E Dunn | Feb. 1, 2016
Backdoors are surrounded by mystery, intrigue and excitement. They might also be ubiquitous

What can be inferred from the trickle of revelations such as Edward Snowden is that noteworthy - BIG - backdoors are not only more common than was previously thought but might even be in almost everything. To assume otherwise requires quite a leap of faith. Many of these are not used to spy on the general public and are part of the geo-politics of spying between governments but it implies a world in which absolute security has become moot.

In the 1950s, Americans worried about a world in which J Edgar Hoover was on the wiretap. He merely kicked off a world that is still forming.

NSA Clipper Chip, 1993

The most reviled backdoor in history, the NSA's infamous Clipper chip, endorsed by the Clinton administration, still gets people's backs up more than two decades on from its heyday. In 1993, encryption was new and strange. Few used it but the experts and Government spooks could, however, imagine a world in which they might. Their answer was to neuter the possibility of unbreakable security with an escrow-based system based around the Clipper chip that would cache keys. Assuming anyone had agreed to use it the NSA would have had a ready means to decrypt any content.

As Whitfield Diffie, creator of the famous Diffie-Hellman key exchange protocol observed at the time, the problem with building in backdoors is that they are deliberate weaknesses. Should a third-party find them they become less a backdoor than an open one.

Borland InterBase backdoor, 2001

This weakness in the firm's InterBase database was essentially a secret backdoor account that allowed anyone with knowledge of it access to data. Making the serious comic, the username and password in question were 'politically' and 'correct'. At the time, the assessment was that while deliberate the hole was probably put there by one or a small number of programmers as a convenience. But we've included it because the fact that perhaps only one person knew about it doesn't mitigate its seriousness for the seven years until it was discovered.

Huawei v the US, 2011

The huge Chinese equipment maker spent millions trying to reform its image after being accused of building backdoors into its telecoms equipment. In 2012 a US Congressional investigation concluded that the firm (and mobile vendor ZTE) should be banned from the world's largest market over state surveillance worries. In the UK BT had been installing Huawei equipment since 2007 so it was all too late to do much about it beyond GCHQ setting up a special unit to monitor its systems in cooperation with the company itself.

Irony or all ironies, a Snowden leak then suggested that the NSA's Tailored Access Operations (TAO) had set up an operation to spy on Huawei to work out how far any collusion went.

 

Previous Page  1  2  3  4  Next Page 

Sign up for CIO Asia eNewsletters.