SUNNYVALE, Calif. – The U.S. government and Juniper Networks Inc. are investigating unauthorized code that was embedded in the company's software.
Experts suggested it could be a “back door” used to spy on users through their devices, Reuters reported on Friday, a day after the tech giant announced that the code had been inserted in an operating system running on some of its firewalls. The FBI is currently probing the matter, CNN reported on Friday.
We are talking about a fundamental piece of networking equipment used for the security of corporate and government systems worldwide.
The code has been running on several versions of the company’s ScreenOS software since August 2012, and it could have allowed attackers to control Juniper NetScreen firewalls running the affected software and unscramble encrypted communications.
Moreover, if the attackers had significant skills and resources, they could have been able to decrypt traffic running through the Virtual Private Network on the firewalls.
Juniper said on Thursday that it has not received any report indicating that hackers were exploiting those vulnerabilities, but it still advised customers to make updating their systems to the latest version a top priority.
“On behalf of the entire Juniper Security Response Team, please know that we take this matter very seriously and are making every effort to address these issues”, wrote Bob Worrall, Juniper’s SVP Chief Information Officer. He offered further information and guidance through the company’s Security Incident Response website.
The vulnerable firewalls are those using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. Yesterday the firm released patches for the software and strongly recommended that customers install them urgently.
The issue is so alarming because at least one of the backdoors is likely to be the work of a sophisticated nation-state attacker. “The weakness in the VPN itself that enables passive decryption is only of benefit to a national surveillance agency like the British, the US, the Chinese, or the Israelis”, commented Nicholas Weaver, a researcher at the International Computer Science Institute and UC Berkeley. He said that wiretaps on the Internet were needed to make significant changes in the software.
Furthermore, one of the backdoors, a hardcoded master password that the attackers left behind in Juniper’s software, will allow anyone to take control of Juniper firewalls that are not patched by administrators, once the attackers have examined Juniper’s code and discovered the password.
The patch Juniper released provides hints about the exact location of the master password backdoor in the software, according to Ronald Prins, founder and CTO of the Dutch security firm Fox-IT. He claimed that analysts at his company managed to find the password in just six hours after reverse-engineering the firmware on a Juniper firewall.