Juniper Discovers Backdoor Code In Firewall

Juniper Networks has urged customers to download a security patch after “unauthorised” backdoor code was discovered in its NetScreen firewalls that could allow spying on VPNs.

The company said it discovered the code during a “recent code review”, and there is no word on how the backdoor got there, who was responsible for it, or how long it has been in place.

Backdoor Code

Juniper made the announcement of the backdoor discovery in a blog posting by Bob Worrall, SVP and Chief Information Officer.

The company warned the flaw surreptitiously decrypts traffic sent through virtual private networks.

“Juniper is committed to maintaining the integrity and security of our products and wanted to make customers aware of critical patched releases we are issuing today to address vulnerabilities in devices running ScreenOS software,” wrote Worrall.

“During a recent internal code review, Juniper discovered unauthorised code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” he warned.

“Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS,” he wrote. “At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority.”

Worrall said further information about the update can be found the company’s Security Incident Response website.

Juniper said that it “strongly recommend” that customers apply the update to their systems with the “highest priority”.  The backdoor vulnerability affects all NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

The flaw does not affect SRX or any other Junos-based system.

Who Did It?

The discovery of the “unauthorised” VPN-breaking code will no doubt raise questions as to who placed the code there. Fingers will likely be pointed at the NSA or another similar intelligence organisation in light of the Edward Snowden revelations.

Indeed, Snowden revealed that NSA agents had intercepted network gear from Cisco Systems as it was shipped to a customer and installed covert firmware.

Unfortunately, it may never be discovered who installed this particular backdoor into the Juniper firewalls, and it should be noted that backdoors in tech kit are not exactly uncommon.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

6 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

9 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

10 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

11 hours ago