Backdoor (computing)

A backdoor is a typically covert method of bypassing normal authentication or encryption in a computer, product, embedded device (e.g. a home router), or its embodiment (e.g. part of a cryptosystem, algorithm, chipset, or even a "homunculus computer"—a tiny computer-within-a-computer such as that found in Intel's AMT technology).[1][2] Backdoors are most often used for securing remote access to a computer, or obtaining access to plaintext in cryptosystems. From there it may be used to gain access to privileged information like passwords, corrupt or delete data on hard drives, or transfer information within autoschediastic networks.

In the United States, the 1994 Communications Assistance for Law Enforcement Act forces internet providers to provide backdoors for government authorities.[3][4] In 2024, the U.S. government realized that China had been tapping communications in the U.S. using that infrastructure for months, or perhaps longer;[5] China recorded presidential candidate campaign office phone calls —including employees of the then-vice president of the nation– and of the candidates themselves.[6]

A backdoor may take the form of a hidden part of a program,[7] a separate program (e.g. Back Orifice may subvert the system through a rootkit), code in the firmware of the hardware,[8] or parts of an operating system such as Windows.[9][10][11] Trojan horses can be used to create vulnerabilities in a device. A Trojan horse may appear to be an entirely legitimate program, but when executed, it triggers an activity that may install a backdoor.[12] Although some are secretly installed, other backdoors are deliberate and widely known. These kinds of backdoors have "legitimate" uses such as providing the manufacturer with a way to restore user passwords.

Many systems that store information within the cloud fail to create accurate security measures. If many systems are connected within the cloud, hackers can gain access to all other platforms through the most vulnerable system.[13] Default passwords (or other default credentials) can function as backdoors if they are not changed by the user. Some debugging features can also act as backdoors if they are not removed in the release version.[14] In 1993, the United States government attempted to deploy an encryption system, the Clipper chip, with an explicit backdoor for law enforcement and national security access. The chip was unsuccessful.[15]

Recent proposals to counter backdoors include creating a database of backdoors' triggers and then using neural networks to detect them.[16]

  1. ^ Cite error: The named reference Eckersley-2017 was invoked but never defined (see the help page).
  2. ^ Cite error: The named reference Hoffman-2017 was invoked but never defined (see the help page).
  3. ^ "The 30-year-old internet backdoor law that came back to bite". 7 October 2024.
  4. ^ Michael Kan (7 October 2024). "Chinese Hackers Reportedly Breached ISPs Including AT&T, Verizon". PC Magazine. Retrieved 8 October 2024. privacy researchers to call out the US government for maintaining a confidential "backdoor" to enable internet-based wiretapping. "Case in point: there's no way to build a backdoor that only the 'good guys' can use," tweeted Meredith Whittaker, president of the encrypted chat app Signal
  5. ^ Sarah Krouse; Dustin Volz; Aruna Viswanatha; Robert McMillan (5 October 2024). "U.S. Wiretap Systems Targeted in China-Linked Hack". Wall Street Journal. Retrieved 8 October 2024. For months or longer, the hackers might have held access to network infrastructure used to cooperate with lawful U.S. requests for communications data
  6. ^ Dustin Volz (2 November 2024). "Chinese Hackers Stole Phone Audio From Both Harris and Trump Campaigns". Wall Street Journal. Retrieved 3 November 2024. targeted the phones of former President Donald Trump, his running mate, JD Vance, and people affiliated with Vice President Kamala Harris's presidential campaign
  7. ^ Cite error: The named reference Wysopal-Eng was invoked but never defined (see the help page).
  8. ^ Cite error: The named reference Zetter-2013 was invoked but never defined (see the help page).
  9. ^ Cite error: The named reference Ashok-2017 was invoked but never defined (see the help page).
  10. ^ Cite error: The named reference Microsoft-Back-Doors was invoked but never defined (see the help page).
  11. ^ Cite error: The named reference Ars-Technica-2017 was invoked but never defined (see the help page).
  12. ^ Cite error: The named reference Backdoors-and-Trojan-Horses was invoked but never defined (see the help page).
  13. ^ Cite error: The named reference Linthicum was invoked but never defined (see the help page).
  14. ^ Cite error: The named reference Bogus-story was invoked but never defined (see the help page).
  15. ^ Cite error: The named reference Clipper-a-failure was invoked but never defined (see the help page).
  16. ^ Cite error: The named reference Menisov-2022 was invoked but never defined (see the help page).

From Wikipedia, the free encyclopedia · View on Wikipedia

Developed by Nelliwinne