Juniper Discovers Backdoor Code In Firewall

Juniper Networks has urged customers to download a security patch after “unauthorised” backdoor code was discovered in its NetScreen firewalls that could allow spying on VPNs.

The company said it discovered the code during a “recent code review”, and there is no word on how the backdoor got there, who was responsible for it, or how long it has been in place.

Backdoor Code

Juniper made the announcement of the backdoor discovery in a blog posting by Bob Worrall, SVP and Chief Information Officer.

The company warned the flaw surreptitiously decrypts traffic sent through virtual private networks.

“Juniper is committed to maintaining the integrity and security of our products and wanted to make customers aware of critical patched releases we are issuing today to address vulnerabilities in devices running ScreenOS software,” wrote Worrall.

“During a recent internal code review, Juniper discovered unauthorised code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” he warned.

“Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS,” he wrote. “At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority.”

Worrall said further information about the update can be found the company’s Security Incident Response website.

Juniper said that it “strongly recommend” that customers apply the update to their systems with the “highest priority”.  The backdoor vulnerability affects all NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

The flaw does not affect SRX or any other Junos-based system.

Who Did It?

The discovery of the “unauthorised” VPN-breaking code will no doubt raise questions as to who placed the code there. Fingers will likely be pointed at the NSA or another similar intelligence organisation in light of the Edward Snowden revelations.

Indeed, Snowden revealed that NSA agents had intercepted network gear from Cisco Systems as it was shipped to a customer and installed covert firmware.

Unfortunately, it may never be discovered who installed this particular backdoor into the Juniper firewalls, and it should be noted that backdoors in tech kit are not exactly uncommon.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Apple Sales Rise 6 Percent After Early iPhone 16 Demand

Fourth quarter results beat Wall Street expectations, as overall sales rise 6 percent, but EU…

22 hours ago

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

23 hours ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

24 hours ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago