Security.com

backdoor (computing)

By Ben Lutkevich

What is a backdoor?

A backdoor is a way to access a computer system or encrypted data that bypasses the system's customary security mechanisms. A developer may create a backdoor so that an application, operating system (OS) or data can be accessed for troubleshooting or other purposes. Attackers make use of backdoors that software developers install, and they also install backdoors themselves as part of a computer exploit.

Whether added as an administrative tool, a means of attack or a mechanism allowing the government to access encrypted data, all backdoor installation is a security risk. Threat actors are always looking for these sorts of vulnerabilities to take advantage of.

What is a backdoor attack?

A backdoor attack occurs when threat actors create or use a backdoor to gain remote access to a system. These attacks let attackers gain control of system resources, perform network reconnaissance and install different types of malware. In some cases, attackers design a worm or virus to take advantage of an existing backdoor created by the original developers or from an earlier attack.

To illustrate how backdoors undermine security systems, consider a bank vault that is protected with several layers of security. It has armed guards at the front door, sophisticated locking mechanisms and biometric access controls that make it impossible to access without proper authorization. However, a backdoor that bypasses these measures, such as a large ventilation shaft, makes the vault vulnerable to attack.

The malicious actions threat actors perform once they access a system include the following:

The consequences of a backdoor attack vary. In some cases, they can be immediate and severe and result in a data breach that harms customers and the business. In other cases, the effect shows up later, as the attacker uses the backdoor first for reconnaissance and returns later to execute a series of direct attacks.

Backdoor attacks can be large-scale operations targeting government or enterprise IT infrastructure. Smaller attacks target individuals and personal computing environments.

Advanced persistent threats are sophisticated cyber attacks that might use a backdoor to attack a system on multiple fronts. With these sorts of attacks, the backdoor could remain in the system for a long time.

How do backdoors work?

In the context of an attack, backdoors are hidden mechanisms attackers use to access a system without authentication. However, vendors sometimes create backdoors for legitimate purposes, such as restoring a user's lost password or providing government entities with access to encrypted data. Other backdoors are created and installed nefariously by hackers. Developers sometimes use backdoors during the development process and don't remove them, leaving them as a potential vulnerability point.

Malware can also act as a backdoor. In some cases, malware is a first-line backdoor: it provides a staging platform for downloading other malware modules that perform the actual attack. In this type of attack, threat actors install a web shell to establish a backdoor on targeted systems and obtain remote access to a server. The attacker then uses a command-and-control server to send commands through the backdoor, exfiltrate sensitive data or otherwise cause harm.

Encryption algorithms and networking protocols can contain backdoors. For example, in 2016, researchers described how the prime numbers used in encryption algorithms could be crafted so that an attacker who knows how they were constructed can break the encryption built on them.

In 2014, an approach to random number generation called Dual Elliptic Curve Deterministic Random Bit Generator, or Dual_EC_DRBG, was found to contain a fault that made the random numbers it produced predictable. Some security experts speculated that the U.S. National Security Agency (NSA) allowed Dual_EC_DRBG to be used, even though it knew about the weakness, so the agency could use it as a backdoor. This accusation has not been proven.
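The Dual_EC_DRBG concern is easier to see with a toy model. The following is an added example, not code from the article or from NIST: it replaces the elliptic curve with the multiplicative group of integers modulo a prime so the idea fits in a few lines, and the two public constants, the secret exponent and the seed are all constructed for the demo. It shows the structure Shumow and Ferguson described in 2007: if whoever published the constants also knows a secret relation between them, one observed output lets that party reconstruct the generator's next internal state and replay every later output. Real Dual_EC_DRBG also truncates each output, which this toy omits.

```python
"""Toy model of the Dual_EC_DRBG trapdoor in a multiplicative group (added example)."""

P_MOD = 2**127 - 1  # Mersenne prime; the group is the integers 1..P_MOD-1 under multiplication

# Two public "points" Q and P, analogous to the two curve points in Dual_EC_DRBG.
# Users of the generator see only P and Q. The party that chose them also knows
# the secret exponent d with P = Q**d (mod P_MOD); d is a constructed value.
Q = 3
TRAPDOOR_D = 0x1F2E3D4C5B6A79880F1E2D3C4B5A6978  # hypothetical secret held by the constants' author
P = pow(Q, TRAPDOOR_D, P_MOD)


def drbg_step(state):
    """One generator round: new_state = P^state, output = Q^new_state (mod P_MOD).

    Mirrors Dual_EC: the state advances by multiplying with P, the output is
    derived by multiplying the new state with Q.
    """
    new_state = pow(P, state, P_MOD)
    output = pow(Q, new_state, P_MOD)
    return new_state, output


def generate(seed, n):
    """Produce n outputs from a secret seed, as an honest user of the generator would."""
    state, outputs = seed, []
    for _ in range(n):
        state, out = drbg_step(state)
        outputs.append(out)
    return outputs


def predict_from_one_output(observed_output, n):
    """What a holder of d can do with a single observed output.

    observed_output = Q^s, so observed_output^d = Q^(d*s) = P^s, which is exactly
    the state the generator computes next. From there the attacker runs the same
    public algorithm and reproduces the next n outputs without ever seeing the seed.
    """
    next_state = pow(observed_output, TRAPDOOR_D, P_MOD)
    predictions = [pow(Q, next_state, P_MOD)]
    state = next_state
    for _ in range(n - 1):
        state, out = drbg_step(state)
        predictions.append(out)
    return predictions


if __name__ == "__main__":
    honest = generate(0xC0FFEE, 5)  # constructed seed, never shared with the attacker
    replay = predict_from_one_output(honest[0], 4)
    print("attacker predicted the remaining outputs:", replay == honest[1:])
```

The defensive lesson is the one NIST drew when it withdrew the generator: unexplained constants in a cryptographic design deserve the same scrutiny as the algorithm, and a generator whose constants were chosen by a party you cannot audit should not be trusted for key material.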

Types of backdoor attacks

Various types of malware are used in backdoor attacks, including the following:

Various attack vectors are used to install backdoors, such as the following:

Detection and prevention

Backdoors are designed to be hidden from most users. They are hidden using alias names, code obfuscation and multiple layers of encryption. This makes backdoors difficult to detect. Detection and prevention methods include the following tools and strategies:
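The web shells described under "How do backdoors work?" and the obfuscation layers mentioned above leave traces that a file scan can pick up. The following is an added example, not code from the article or from any named product: a small scanner that flags source files whose contents show request-driven code execution, decode-then-execute wrappers, or long high-entropy string literals of the kind used to hide an encoded payload. The indicator list, the entropy threshold and the sample files are all constructed for the demo; a deployment would walk the real document root and forward hits to the SIEM or EDR for triage.

```python
"""Scan web-root files for indicators of a planted web shell (added example)."""
import math
import re

# Indicator patterns common in PHP web shells: execution fed straight from a
# request parameter, and a decode layer wrapped around eval(). Constructed list.
SUSPICIOUS_PATTERNS = {
    "exec_from_request": re.compile(
        r"\b(eval|system|passthru|shell_exec|exec|assert)\s*\(\s*\$_(GET|POST|REQUEST|COOKIE)\b"
    ),
    "decode_then_eval": re.compile(
        r"\beval\s*\(\s*(base64_decode|gzinflate|str_rot13|gzuncompress)\s*\("
    ),
}
# A quoted literal of 200+ base64-alphabet characters is worth a second look.
LONG_BLOB = re.compile(r"['\"]([A-Za-z0-9+/=]{200,})['\"]")
ENTROPY_THRESHOLD = 5.0  # bits per character; plain prose sits near 4, encoded/compressed data near 6


def shannon_entropy(s):
    """Shannon entropy of a string in bits per character (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_source(name, text):
    """Return a list of (file name, indicator) findings for one file's contents."""
    findings = []
    for label, pattern in SUSPICIOUS_PATTERNS.items():
        if pattern.search(text):
            findings.append((name, label))
    for blob in LONG_BLOB.findall(text):
        # A high-entropy blob alone is a weak signal (it could be an embedded
        # image); reported so an analyst can pair it with the other indicators.
        if shannon_entropy(blob) > ENTROPY_THRESHOLD:
            findings.append((name, "high_entropy_blob"))
            break
    return findings


def scan_files(files):
    """files: mapping of path -> contents. Returns findings across all files."""
    out = []
    for name, text in files.items():
        out.extend(scan_source(name, text))
    return out


# Constructed stand-in for an encoded payload: cycles the base64 alphabet so
# every symbol appears equally often (entropy of exactly 6 bits per character).
_B64 = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"
CONSTRUCTED_BLOB = "".join(_B64[(i * 7) % 64] for i in range(256))

# Constructed sample inputs: two ordinary files and three shell-like files.
SAMPLE_FILES = {
    "index.php": "<?php echo 'hello'; include 'lib.php'; ?>",
    "lib.php": "<?php function add($a, $b) { return $a + $b; } ?>",
    "cache/.x.php": "<?php @eval(base64_decode($_POST['k'])); ?>",
    "uploads/img.php": "<?php if (isset($_GET['c'])) { system($_GET['c']); } ?>",
    "cache/blob.php": "<?php $p = '" + CONSTRUCTED_BLOB + "'; ?>",
}

if __name__ == "__main__":
    for path, indicator in scan_files(SAMPLE_FILES):
        print(f"{path}: {indicator}")
```

Pattern scanning of this kind is a first pass, not a verdict: follow it with file-integrity comparison against a known-good deployment and with web-server logs showing which client addresses request the flagged paths, since a freshly created PHP file in an upload or cache directory that is fetched by a single external address is a far stronger signal than any one regular expression.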

Famous backdoor attacks

There have been a number of high-profile backdoor attacks in recent years, including the following:

Backdoors aren't always software-based, and they aren't always created by rogue hackers. In 2013, the German news outlet Der Spiegel reported that the NSA's Tailored Access Operations unit maintained a catalog of backdoors to implant in firewalls, routers and other devices to be used overseas. The NSA also allegedly incorporated backdoor capabilities into individual hardware components, such as hard drives and even USB cables.


24 Jan 2023
