National Security Agency Implicated in Juniper Backdoor Vulnerabilities
Just days after the Internet began buzzing with the news that two backdoors had been discovered in the firewalls of Juniper Networks’ popular networking devices, the culprit may have been found. And the evidence points to the NSA (National Security Agency), according to Ralf-Philipp Weinmann, a German computer security researcher.
One of the two backdoors, which Juniper announced it had discovered Thursday, potentially allows attackers to decrypt encrypted traffic passing through Juniper’s network devices. The backdoor is found in Juniper’s ScreenOS 6.3.0r12 and other affected firmware revisions, and looks suspiciously similar to the type of all-access key the NSA and other espionage agencies have been demanding tech companies install in their devices.
Evidence in the Dual_EC Algorithm
The evidence of the NSA’s role in compromising Juniper’s operating system stems from the way the backdoor works. ScreenOS uses the government-approved Dual_EC algorithm to generate the random numbers used to encrypt data traffic.
Suspicions that the Dual_EC algorithm might not be as strong as originally thought first appeared in 2007, when researchers were able to demonstrate that the random numbers it generated could be guessed by the party responsible for choosing the seed inputs used to generate the numbers.
Then in 2013, former NSA contractor and whistleblower Edward Snowden released documents that exposed the NSA’s Project BULLRUN initiative, which sought to sabotage security safeguards by either covertly influencing the product designs of tech companies or introducing weaknesses into industry standard tools. Specifically, the Snowden documents indicated that the NSA had sought to hobble Dual_EC’s ability to encrypt information.
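The 2007 finding described above can be reproduced in a few lines, which shows why the origin of the generator's fixed inputs matters so much. The following is an added illustration, not code from Juniper, NIST or the researchers: it is a simplified Dual_EC-style generator on the NIST P-256 curve in which the names dual_ec and predict_next, the secret D and the points P and Q are all constructed for the demo, and outputs are not truncated as they are in the real algorithm.

```python
# Toy Dual_EC-style generator on NIST P-256 (added illustration).
# Simplifications: outputs are not truncated, and P, Q and the secret
# relation D are constructed here; they are not the standard's constants.
p = 2**256 - 2**224 + 2**192 + 2**96 - 1
A = -3
B = 0x5ac635d8aa3a93e7b3ebbd55769886bc651d06b0cc53b0f63bce3c3e27d2604b
G = (0x6b17d1f2e12c4247f8bce6e563a440f277037d812deb33a0f4a13945d898c296,
     0x4fe342e2fe1a7f9b8ee7eb4a7c0f9e162bce33576b315ececbb6406837bf51f5)

def add(p1, p2):
    """Add two curve points; None is the point at infinity."""
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % p, -1, p) % p
    else:
        lam = (y2 - y1) * pow((x2 - x1) % p, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return x3, (lam * (x1 - x3) - y1) % p

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt, k = add(pt, pt), k >> 1
    return acc

D = 0x1234567890abcdef   # constructed secret known only to whoever chose P and Q
Q = G                    # constructed: any curve point works for the demo
P = mul(D, Q)            # the hidden relation P = D*Q

def dual_ec(state, count):
    """Return `count` outputs: state <- x(state*P), output x(state*Q)."""
    out = []
    for _ in range(count):
        state = mul(state, P)[0]
        out.append(mul(state, Q)[0])
    return out

def predict_next(output):
    """Holder of D turns one observed output into the following output."""
    y = pow((output**3 + A * output + B) % p, (p + 1) // 4, p)  # sqrt, p % 4 == 3
    next_state = mul(D, (output, y))[0]   # D*(s*Q) = s*P up to sign, same x
    return mul(next_state, Q)[0]
```

Anyone without D sees outputs that look random; the party who picked P and Q can follow the stream from a single output, which is why constants of unexplained origin, or constants that change without explanation, deserve scrutiny.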
Change Not Authorized by Juniper
In 2014 and 2015, researchers pointed out that the Dual_EC vulnerability introduced by the NSA could be exploited to provide a backdoor to encrypted traffic. Juniper had addressed the issue of the Dual_EC vulnerability in 2013 by saying that ScreenOS did not use it as its primary random number generator. Juniper also said that it used different seed inputs than those recommended by the National Institute of Standards and Technology as a way to subvert the NSA’s ability to unlock the backdoor.
However, Juniper apparently began shipping updated versions of ScreenOS on its devices in 2012 with different inputs than the company had originally selected. But that change was likely not authorized by Juniper, according to Weinmann. The company only realized that the inputs had been surreptitiously changed when it issued its security advisory last week, at which point researchers began looking more carefully at Dual_EC.
“This discovery was fairly quick after I realized that ScreenOS utilized OpenSSL as a crypto library underneath,” Weinmann said in a blog post. Weinmann added that whatever party had been able to change the input seeds prior to shipping also has access to other information needed to gain access to any data transmitted via Juniper's network equipment.