Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
  HOME     MENU     SEARCH     NEWSLETTER    
CUSTOMER RELATIONSHIP MANAGEMENT NEWS. UPDATED 8 MINUTES AGO.
You are here: Home / Government / NSA Implicated in Juniper Backdoors
National Security Agency Implicated in Juniper Backdoor Vulnerabilities
National Security Agency Implicated in Juniper Backdoor Vulnerabilities
By Jef Cozza / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
PUBLISHED:
DECEMBER
22
2015
Just days after the Internet began buzzing with the news that two backdoors had been discovered in the firewalls of Juniper Network’s popular networking devices, the culprit may have been found. And the evidence points to the NSA (National Security Agency), according to Ralf-Philipp Weinmann, a German computer security researcher.

One of the two backdoors, which Juniper announced it had discovered Thursday, potentially allow attackers to decrypt encrypted traffic passing through Juniper’s network devices. The backdoor is found in Juniper’s ScreenOS 6.3.0r12 and other affected firmware revisions, and looks suspiciously similar to the type of all-access key the NSA and other espionage agencies have been demanding tech companies install in their devices.

Evidence in the Dual_EC Algorithm

The evidence of the NSA’s role in compromising Juniper’s operating system stems from the way the backdoor works. ScreenOS uses the government-approved Dual_EC algorithm to generate the random numbers used to encrypt data traffic.

Suspicions that the Dual_EC algorithm might not be as strong as originally thought first appeared in 2007, when researchers were able to demonstrate that the random numbers it generated could be guessed by the party responsible for choosing the seed inputs used to generate the numbers.

Then in 2013, former NSA contractor and whistleblower Edward Snowden released documents that exposed the NSA’s Project BULLRUN initiative, which sought to sabotage security safeguards by either covertly influencing the product designs of tech companies or introducing weaknesses into industry standard tools. Specifically, the Snowden documents indicated that the NSA had sought to hobble Dual_EC’s ability to encrypt information.

Change Not Authorized by Juniper

In 2014 and 2015, researchers pointed out that the Dual_EC vulnerability introduced by the NSA could be exploited to provide a backdoor to encrypted traffic. Juniper had addressed the issue of the Dual_EC vulnerability in 2013 by saying that ScreenOS did not use it as its primary random number generator. Juniper also said that it used different seed inputs than those recommended by the National Institute of Standards and Technology as a way to subvert the NSA’s ability to unlock the backdoor.

However, Juniper apparently began shipping updated versions of ScreenOS on its devices in 2012 with different inputs than the company had originally selected. But that change was likely not authorized by Juniper, according to Weinmann. The company only realized that the inputs had been surreptitiously changed when it issued its security advisory last week, at which point researchers began looking more carefully at Dual_EC.

“This discovery was fairly quick after I realized that ScreenOS utilized OpenSSL as a crypto library underneath,” Weinmann said in a blog post. Weinmann added that whatever party had been able to change the input seeds prior to shipping also has access to other information needed to gain access to any data transmitted via Juniper's network equipment.

Tell Us What You Think
Comment:

Name:

Like Us on FacebookFollow Us on Twitter
MORE IN GOVERNMENT
CRM DAILY
NEWSFACTOR NETWORK SITES
NEWSFACTOR SERVICES
© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.