Firewalls backdoor-ed!

Juniper released a statement saying:
... attackers could exploit the “unauthorized code” in order “to gain administrative access to NetScreen devices and to decrypt VPN connections, and then wipe the logs to remove any trace of a compromise
Let's take a minute and understand the gravity of the matter.

  • Clearly a state sponsored group of hackers, managed to sneak their code to Juniper 
  • This bypassed all internal checks from Juniper, and got released on all their Netscreen devices.
  • This went unnoticed for 3-ish years
  • Meaning, anyone using their hardware could have been eavesdropped upon, in the last 3 years. And best part - they could have done this without getting detected, and without leaving any logs behind!

Update 22-Dec-2015:
More details released, the hard-coded password is:     <<< %s(un='%s') = %u

Update 22-Jan-2016:
Backdoors found on Fortinet firewalls as well!

No comments: