Juniper breach reflects risk of 'back doors' – researchers


  • TECH
  • Friday, 25 Dec 2015

Backdoor danger: A woman at an Internet cafe in China. Technology companies have fiercely resisted limiting the use of encryption or providing special government access, saying it is technically unfeasible and undermines customer privacy.

WASHINGTON: A Juniper Networks Inc software coding vulnerability disclosed last week shows the dangers of any weaknesses built into encryption technology, according to computer security experts.

The apparent "back door" in Juniper's routers, which direct digital traffic around the Internet, could only have been planted by a handful of governments due to its sophistication, researchers said this week.

A growing number of US presidential candidates and policymakers are clamouring for access to encrypted data, arguing that secrecy in communications helps criminals conceal their plots.

Technology companies have fiercely resisted limiting the use of encryption or providing special government access, saying it is technically unfeasible and undermines customer privacy.

Democratic presidential frontrunner Hillary Clinton on Dec 19 called for greater collaboration between Silicon Valley and government codebreakers, as the attacks in Paris and San Bernardino, California, renewed questions about the potential use of encryption by violent extremists.

Federal officials are investigating the Juniper breach, as the US Government relies on the Sunnyvale, California-based company's software in some of its networks.

It is unclear how the Juniper vulnerability was planted or by whom. The company used a cryptography standard developed and promoted by the National Security Agency.

But Microsoft Corp researchers determined in 2007 that the technology was flawed because the output of its random number generator could be predicted, enabling the system's designers or others to break the encryption.

Many researchers believe files released by former NSA contractor Edward Snowden show the flaw was a deliberate effort by the spy agency to maintain eavesdropping capabilities. 

Juniper developed an alternate standard, but it was still based on the flawed one pushed by the NSA, which paved the way for the security hole announced last week.

"If this really was intended as a 'nobody but us' back door and then subverted by a nation state, that's a tricky place for policymakers," said Dave Palmer, director of technology for the cybersecurity firm Darktrace. The Juniper incident demonstrates that no back door is "absolutely bulletproof" to hackers, the former security analyst at the British spy agency GCHQ added.

"Whenever you build in access, you're running a risk ... that access will be misused," said Stewart Baker, former general counsel at the NSA who now is a partner at Steptoe & Johnson. "The question here is, is this a risk that ought to be managed or should we refuse to accept it at all?" — Reuters

Article type: metered
User Type: anonymous web
User Status:
Campaign ID: 1
Cxense type: free
User access status: 3
Subscribe now to our Premium Plan for an ad-free and unlimited reading experience!
   

Next In Tech News

US state utility’s new drone can speed hurricane recovery
Tencent stops sales on its NFT platform Huanhe a year after launch as scrutiny mounts
Cryptoverse: Electric ether leaps on verge of Merge
Apple lays off recruiters as part of its slowdown in hiring
Esports: Scalpers mark up prices for Dota 2’s TI11 tickets; lawyer warns of possible offences
South Africa’s ‘silent revolution’ as those with cash go solar
Peloton, Calm and�LinkedIn add to growing list of tech layoffs
Twitter has to give Elon Musk only one bot checker’s data: its ex-product head
Elliott exited Twitter during second quarter amid takeover frenzy, filings show
Opinion: Why the six things you tell your teen about screen time may be missing the mark

Others Also Read