Juniper Discovers Backdoor Code In Firewall

Tom Jowitt,

“Now how did that get there?” Juniper finds sneaky code in firewall kit and rushes out patch

Juniper Networks has urged customers to download a security patch after “unauthorised” backdoor code was discovered in its NetScreen firewalls that could allow spying on VPNs.

The company said it discovered the code during a “recent code review”, and there is no word on how the backdoor got there, who was responsible for it, or how long it has been in place.

Backdoor Code

Juniper made the announcement of the backdoor discovery in a blog posting by Bob Worrall, SVP and Chief Information Officer.

The company warned the flaw surreptitiously decrypts traffic sent through virtual private networks.

“Juniper is committed to maintaining the integrity and security of our products and wanted to make customers aware of critical patched releases we are issuing today to address vulnerabilities in devices running ScreenOS software,” wrote Worrall.

NSA backdoor broken packlock encryption security © keantian Shutterstock“During a recent internal code review, Juniper discovered unauthorised code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” he warned.

“Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS,” he wrote. “At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority.”

Worrall said further information about the update can be found the company’s Security Incident Response website.

Juniper said that it “strongly recommend” that customers apply the update to their systems with the “highest priority”.  The backdoor vulnerability affects all NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

The flaw does not affect SRX or any other Junos-based system.

Who Did It?

The discovery of the “unauthorised” VPN-breaking code will no doubt raise questions as to who placed the code there. Fingers will likely be pointed at the NSA or another similar intelligence organisation in light of the Edward Snowden revelations.

Indeed, Snowden revealed that NSA agents had intercepted network gear from Cisco Systems as it was shipped to a customer and installed covert firmware.

Unfortunately, it may never be discovered who installed this particular backdoor into the Juniper firewalls, and it should be noted that backdoors in tech kit are not exactly uncommon.

Are you a security pro? Try our quiz!