Black Hat: Beware of Cylons at the Back Door

Application back doors aren’t just the stuff of Hollywood films; they’re real, and they could be a threat if undetected.

In a presentation at the Black Hat security conference in Washington DC, security researcher Chris Wysopal from Veracode discussed in gory detail where back doors have been in applications in the past and where they continue to come up.

Essentially a back door is some kind of hidden user name, password, credential or function that someone has put into a program to do something ‘unexpected’.

In his presentation Wysopal had a picture of the Cylon, Caprica Six (actress Tricia Helfer) from the new Battlestar Galactica. His purpose was to talk about back doors on TV, though Wysopal didn’t seem to know all that much about Battlestar Galactica (which makes me wonder if someone else who is a fan helped him to make the presentation). Anyways, the point (and yes, I am a fan) is that Caprica Six (as fans of Battlestar Galactica know) inserted a back door into Dr. Gaius Baltar’s Colonial Defence Network program. The Cylons’ back door enabled them to overrun the Colonial defenses and nearly exterminate humanity.

Wysopal showed how some back doors could be relatively trivial to insert into an application, yet difficult to detect. In one example, a back door was inserted simply because a statement in a function was missing an ‘=’.
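To make the missing-‘=’ case concrete, here is an added illustration in C, with the flawed check beside its corrected form. It is a constructed example, not the code shown in the talk; the struct, flag names and functions are all hypothetical.

```c
#include <stdio.h>

/* Constructed example: all names are hypothetical. uid 0 = administrator. */
struct session { int uid; };
#define OPT_DEBUG 0x1
#define OPT_TRACE 0x2

/* Backdoored: reads like a check rejecting an odd flag combination from an
 * admin, but '=' assigns 0 to s->uid. The assignment evaluates to 0, so the
 * error branch never runs and the caller leaves with administrator rights. */
int check_backdoored(struct session *s, int options)
{
    if ((options == (OPT_DEBUG | OPT_TRACE)) && (s->uid = 0))
        return -1;
    return 0;
}

/* Corrected: '==' compares, and the const pointer turns any write to
 * s->uid inside this function into a compile error. */
int check_fixed(const struct session *s, int options)
{
    if ((options == (OPT_DEBUG | OPT_TRACE)) && (s->uid == 0))
        return -1;
    return 0;
}

/* Helpers returning the uid a session holds after each check. */
int uid_after_backdoored(int uid, int options)
{
    struct session s = { uid };
    check_backdoored(&s, options);
    return s.uid;
}

int uid_after_fixed(int uid, int options)
{
    struct session s = { uid };
    check_fixed(&s, options);
    return s.uid;
}

int main(void)
{
    int magic = OPT_DEBUG | OPT_TRACE;
    printf("backdoored: uid 1000 -> %d\n", uid_after_backdoored(1000, magic));
    printf("fixed:      uid 1000 -> %d\n", uid_after_fixed(1000, magic));
    return 0;
}
```

The extra parentheses around the assignment keep GCC and Clang from issuing their usual "assignment used as truth value" warning, so a review or lint rule that flags any assignment inside a condition is the more reliable check.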

Wysopal also described a case where a bank he was working with found a back door in one of their applications. After some analysis it was determined that the back door had been inserted by people who had knowledge of the bank’s code auditing processes. As such, they were able to avoid detection by putting the back door in a part of the code that wasn’t subject to audit.

The lesson? Don’t trust anyone and audit everything. You might end up saving humanity.
