The Juniper VPN backdoor – Buggy code with a dose of shady NSA crypto
[h2]The Juniper VPN backdoor – Buggy code with a dose of shady NSA crypto[/h2]
Security researchers and crypto experts have spent the last few days trying to figure out the details of a recently announced backdoor in Juniper NetScreen firewalls that could allow attackers to decrypt VPN (Virtual Private Network) traffic. They believe that they found the answer: a combination of likely malicious third-party modifications and Juniper’s own crypto failures.
According to experts, Juniper was using a known flawed random number generator called Dual_EC_DRBG as the foundation for cryptographic operations in NetScreen’s ScreenOS, but believed it was doing so securely because of additional precautions it had taken. It turns out those safeguards were ineffective.
The VPN decryption issue was announced by Juniper Thursday along with another vulnerability that could provide attackers with administrative access to NetScreen devices through the use of a hard-coded master password. Both issues were the result of unauthorized code that was added to ScreenOS and were discovered during a recent internal code audit, the company said at the time.
Juniper released patched versions of the affected firmware, but didn’t publish details about the rogue code, its location or who might have added it. The FBI is reportedly investigating the incident.
The security community took it upon itself to reverse engineer the old firmware versions and Juniper’s new patches in order to dig up more information. Researchers soon found the hardcoded, but cleverly concealed, password for the administrative access backdoor and discovered that it affected fewer ScreenOS versions than initially believed.
Crypto specialists delved into the VPN issue, whose description made it more appealing to them, as the ability to spy on encrypted traffic is always a big deal.
It didn’t take long for someone to notice that Juniper’s latest patches reverted a parameter back to a value that the OS used before version 6.3.0r12, the first in the 6.3.0 branch that Juniper claims was affected by the VPN decryption issue.