Spartak - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Risk & Repeat: Backdoor access, strong encryption debate rolls on

Listen to this podcast

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the FBI's continued criticism of encrypted devices and the risks of vendor-created backdoor access points.

The discussion over backdoor access in IT products received more fodder this year thanks to the FBI and Lenovo.

First, FBI Director Christopher Wray said that encrypted devices that can't be unlocked by law enforcement are a "public safety issue." Speaking at the FBI International Conference on Cyber Security earlier this month, he said the FBI currently possesses nearly 7,800 locked devices that it can't access despite having warrants. While Wray said the FBI is not looking for backdoor access to devices, he criticized the technology industry for not pursuing a "responsible solution" to the problem.

Then, shortly after Wray's comments, Lenovo issued a security advisory announcing it had found an authentication bypass mechanism in the Enterprise Networking Operating System (ENOS) software that runs some of the computer-maker's switches.

The bigger problem, according to the security advisory, was that the mechanism was named HP backdoor; Lenovo discovered it had been placed in ENOS in 2004 when the software was owned by Nortel Networks following a request from a Nortel OEM customer. However, it's unclear why Nortel decided to add a backdoor into the OS and if HP refers to Hewlett Packard Enterprise.

Lenovo's security advisory adds a wrinkle to the debate over strong encryption. Does Wray's criticism of technology companies have merit? How could the HP backdoor go unnoticed for so long? How common are vendor-created backdoor access points in popular technology products? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Is your organization concerned about vendor-created backdoors in the products you use? Why or why not?
Cancel

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly.com

Close