Misplaced Pages

#755244

56-665: DoublePulsar is a backdoor implant tool developed by the U.S. National Security Agency 's (NSA) Equation Group that was leaked by The Shadow Brokers in early 2017. The tool infected more than 200,000 Microsoft Windows computers in only a few weeks, and was used alongside EternalBlue in the May 2017 WannaCry ransomware attack . A variant of DoublePulsar was first seen in the wild in March 2016, as discovered by Symantec. Sean Dillon, senior analyst of security company RiskSense Inc. , first dissected and inspected DoublePulsar. He said that

112-570: A p + 1 4 ( mod p ) {\displaystyle x\equiv a^{\frac {p+1}{4}}{\pmod {p}}} and y ≡ a q + 1 4 ( mod q ) {\displaystyle y\equiv a^{\frac {q+1}{4}}{\pmod {q}}} . Here the conditions p ≡ 3 ( mod 4 ) {\displaystyle p\equiv 3{\pmod {4}}} and q ≡ 3 ( mod 4 ) {\displaystyle q\equiv 3{\pmod {4}}} guarantee that

168-738: A ≡ x 2 ( mod p ) , a ≡ y 2 ( mod q ) , c ≡ 1 ( mod p ) , c ≡ 0 ( mod q ) , d ≡ 0 ( mod p ) , d ≡ 1 ( mod q ) {\displaystyle a\equiv x^{2}{\pmod {p}},a\equiv y^{2}{\pmod {q}},c\equiv 1{\pmod {p}},c\equiv 0{\pmod {q}},d\equiv 0{\pmod {p}},d\equiv 1{\pmod {q}}} . See Chinese remainder theorem for more details. Note that given primes p {\displaystyle p} and q {\displaystyle q} , we can find x ≡

224-660: A RAND Corporation task force report published under DARPA sponsorship by J.P. Anderson and D.J. Edwards in 1970. While initially targeting the computer vision domain, backdoor attacks have expanded to encompass various other domains, including text, audio, ML-based computer-aided design, and ML-based wireless signal classification. Additionally, vulnerabilities in backdoors have been demonstrated in deep generative models , reinforcement learning (e.g., AI GO), and deep graph models. These broad-ranging potential risks have prompted concerns from national security agencies regarding their potentially disastrous consequences. A backdoor in

280-691: A backdoor was discovered in certain Samsung Android products, like the Galaxy devices. The Samsung proprietary Android versions are fitted with a backdoor that provides remote access to the data stored on the device. In particular, the Samsung Android software that is in charge of handling the communications with the modem, using the Samsung IPC protocol, implements a class of requests known as remote file server (RFS) commands, that allows

336-423: A backdoor. Although some are secretly installed, other backdoors are deliberate and widely known. These kinds of backdoors have "legitimate" uses such as providing the manufacturer with a way to restore user passwords. Many systems that store information within the cloud fail to create accurate security measures. If many systems are connected within the cloud , hackers can gain access to all other platforms through

392-563: A combination of the two. The theory of asymmetric backdoors is part of a larger field now called cryptovirology . Notably, NSA inserted a kleptographic backdoor into the Dual EC DRBG standard. There exists an experimental asymmetric backdoor in RSA key generation. This OpenSSL RSA backdoor, designed by Young and Yung, utilizes a twisted pair of elliptic curves, and has been made available. A sophisticated form of black box backdoor

448-444: A covert backdoor becomes unveiled. Even direct admissions of responsibility must be scrutinized carefully if the confessing party is beholden to other powerful interests. Many computer worms , such as Sobig and Mydoom , install a backdoor on the affected computer (generally a PC on broadband running Microsoft Windows and Microsoft Outlook ). Such backdoors appear to be installed so that spammers can send junk e-mail from

504-435: A covert rootkit running in the photomask etching equipment could enact this discrepancy unbeknown to the photomask manufacturer, either, and by such means, one backdoor potentially leads to another. In general terms, the long dependency-chains in the modern, highly specialized technological economy and innumerable human-elements process control-points make it difficult to conclusively pinpoint responsibility at such time as

560-411: A login system might take the form of a hard coded user and password combination which gives access to the system. An example of this sort of backdoor was used as a plot device in the 1983 film WarGames , in which the architect of the " WOPR " computer system had inserted a hardcoded password-less account which gave the user access to the system, and to undocumented parts of the system (in particular,

616-536: A modified version of the Unix C compiler that would put an invisible backdoor in the Unix login command when it noticed that the login program was being compiled, and would also add this feature undetectably to future compiler versions upon their compilation as well. As the compiler itself was a compiled program, users would be extremely unlikely to notice the machine code instructions that performed these tasks. (Because of

SECTION 10

#1732776435756

672-468: A number of cloak and dagger considerations that come into play when apportioning responsibility. Covert backdoors sometimes masquerade as inadvertent defects (bugs) for reasons of plausible deniability . In some cases, these might begin life as an actual bug (inadvertent error), which, once discovered are then deliberately left unfixed and undisclosed, whether by a rogue employee for personal advantage, or with C-level executive awareness and oversight. It

728-406: A part of the standard library and compiles it. After that, every program compiled by that Delphi installation will contain the virus. An attack that propagates by building its own Trojan horse can be especially hard to discover. It resulted in many software vendors releasing infected executables without realizing it, sometimes claiming false positives. After all, the executable was not tampered with,

784-489: A system has been compromised with a backdoor or Trojan horse, such as the Trusting Trust compiler, it is very hard for the "rightful" user to regain control of the system – typically one should rebuild a clean system and transfer data (but not executables) over. However, several practical weaknesses in the Trusting Trust scheme have been suggested. For example, a sufficiently motivated user could painstakingly review

840-416: A variant where the system initialization code is modified to insert a backdoor during booting , as this is complex and poorly understood, and call it an "initialization trapdoor"; this is now known as a boot sector virus . This attack was then actually implemented by Ken Thompson , and popularized in his Turing Award acceptance speech in 1983, "Reflections on Trusting Trust", which points out that trust

896-497: A video game-like simulation mode and direct interaction with the artificial intelligence ). Although the number of backdoors in systems using proprietary software (software whose source code is not publicly available) is not widely credited, they are nevertheless frequently exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission. There are

952-415: Is a compiler backdoor , where not only is a compiler subverted—to insert a backdoor in some other program, such as a login program—but it is further modified to detect when it is compiling itself and then inserts both the backdoor insertion code (targeting the other program) and the code-modifying self-compilation, like the mechanism through which retroviruses infect their host. This can be done by modifying

1008-551: Is a stub . You can help Misplaced Pages by expanding it . Backdoor (computing) In the United States, the 1994 Communications Assistance for Law Enforcement Act forces internet providers to provide backdoors for government authorities. In 2024, the U.S. government realized that China had been tapping communications in the U.S. using that infrastructure for months, or perhaps longer; China recorded presidential candidate campaign office phone calls —including employees of

1064-456: Is also possible for an entirely above-board corporation's technology base to be covertly and untraceably tainted by external agents (hackers), though this level of sophistication is thought to exist mainly at the level of nation state actors. For example, if a photomask obtained from a photomask supplier differs in a few gates from its photomask specification, a chip manufacturer would be hard-pressed to detect this if otherwise functionally silent;

1120-551: Is easy to compute x . Consider a padlock and its key. It is trivial to change the padlock from open to closed without using the key, by pushing the shackle into the lock mechanism. Opening the padlock easily, however, requires the key to be used. Here the key t is the trapdoor and the padlock is the trapdoor function. An example of a simple mathematical trapdoor is "6895601 is the product of two prime numbers. What are those numbers?" A typical " brute-force " solution would be to try dividing 6895601 by many prime numbers until finding

1176-415: Is easy to compute in one direction, yet difficult to compute in the opposite direction (finding its inverse ) without special information, called the "trapdoor". Trapdoor functions are a special case of one-way functions and are widely used in public-key cryptography . In mathematical terms, if f is a trapdoor function, then there exists some secret information t , such that given f ( x ) and t , it

SECTION 20

#1732776435756

1232-557: Is much harder to inspect, as it is designed to be machine-readable, not human-readable. These backdoors can be inserted either directly in the on-disk object code, or inserted at some point during compilation, assembly linking, or loading—in the latter case the backdoor never appears on disk, only in memory. Object code backdoors are difficult to detect by inspection of the object code, but are easily detected by simply checking for changes (differences), notably in length or in checksum, and in some cases can be detected or analyzed by disassembling

1288-550: Is no known "trapdoor" information about the group that enables the efficient computation of discrete logarithms. A trapdoor in cryptography has the very specific aforementioned meaning and is not to be confused with a backdoor (these are frequently used interchangeably, which is incorrect). A backdoor is a deliberate mechanism that is added to a cryptographic algorithm (e.g., a key pair generation algorithm, digital signing algorithm, etc.) or operating system, for example, that permits one or more unauthorized parties to bypass or subvert

1344-431: Is relative, and the only software one can truly trust is code where every step of the bootstrapping has been inspected. This backdoor mechanism is based on the fact that people only review source (human-written) code, and not compiled machine code ( object code ). A program called a compiler is used to create the second from the first, and the compiler is usually trusted to do an honest job. Thompson's paper describes

1400-900: Is the trapdoor: If the factorization of n = p q {\displaystyle n=pq} is known, then ϕ ( n ) = ( p − 1 ) ( q − 1 ) {\displaystyle \phi (n)=(p-1)(q-1)} can be computed. With this the inverse d {\displaystyle d} of e {\displaystyle e} can be computed d = e − 1 mod ϕ ( n ) {\displaystyle d=e^{-1}\mod {\phi (n)}} , and then given y = f ( x ) {\displaystyle y=f(x)} , we can find x = y d mod n = x e d mod n = x mod n {\displaystyle x=y^{d}\mod n=x^{ed}\mod n=x\mod n} . Its hardness follows from

1456-404: Is typically done by simply rebuilding a clean system. However, the sophisticated verifications are of interest to operating system vendors, to ensure that they are not distributing a compromised system, and in high-security settings, where such attacks are a realistic concern. Trapdoor function In theoretical computer science and cryptography , a trapdoor function is a function that

1512-437: The revision control system . In this case, a two-line change appeared to check root access permissions of a caller to the sys_wait4 function, but because it used assignment = instead of equality checking == , it actually granted permissions to the system. This difference is easily overlooked, and could even be interpreted as an accidental typographical error, rather than an intentional attack. In January 2014,

1568-511: The NSA exploits are "10 times worse" than the Heartbleed security bug, and use DoublePulsar as the primary payload . DoublePulsar runs in kernel mode , which grants cybercriminals a high level of control over the computer system. Once installed, it uses three commands: ping , kill , and exec , the latter of which can be used to load malware onto the system. This malware -related article

1624-571: The RSA assumption. Let n {\displaystyle n} be a large composite number such that n = p q {\displaystyle n=pq} , where p {\displaystyle p} and q {\displaystyle q} are large primes such that p ≡ 3 ( mod 4 ) , q ≡ 3 ( mod 4 ) {\displaystyle p\equiv 3{\pmod {4}},q\equiv 3{\pmod {4}}} , and kept confidential to

1680-648: The adversary. The problem is to compute z {\displaystyle z} given a {\displaystyle a} such that a ≡ z 2 ( mod n ) {\displaystyle a\equiv z^{2}{\pmod {n}}} . The trapdoor is the factorization of n {\displaystyle n} . With the trapdoor, the solutions of z can be given as c x + d y , c x − d y , − c x + d y , − c x − d y {\displaystyle cx+dy,cx-dy,-cx+dy,-cx-dy} , where

1736-417: The answer. However, if one is told that 1931 is one of the numbers, one can find the answer by entering "6895601 ÷ 1931" into any calculator. This example is not a sturdy trapdoor function – modern computers can guess all of the possible answers within a second – but this sample problem could be improved by using the product of two much larger primes . Trapdoor functions came to prominence in cryptography in

DoublePulsar - Misplaced Pages Continue

1792-423: The attacker who plants it, even if the full implementation of the backdoor becomes public (e.g. via publishing, being discovered and disclosed by reverse engineering , etc.). Also, it is computationally intractable to detect the presence of an asymmetric backdoor under black-box queries. This class of attacks have been termed kleptography ; they can be carried out in software, hardware (for example, smartcards ), or

1848-472: The backdoor operator to perform via modem remote I/O operations on the device hard disk or other storage. As the modem is running Samsung proprietary Android software, it is likely that it offers over-the-air remote control that could then be used to issue the RFS commands and thus to access the file system on the device. Harder to detect backdoors involve modifying object code , rather than source code—object code

1904-400: The backdoor, for example detecting that the subverted binary is being checksummed and returning the expected value, not the actual value. To conceal these further subversions, the tools must also conceal the changes in themselves—for example, a subverted checksummer must also detect if it is checksumming itself (or other subverted tools) and return false values. This leads to extensive changes in

1960-425: The best known trapdoor function (family) candidates are the RSA and Rabin families of functions. Both are written as exponentiation modulo a composite number, and both are related to the problem of prime factorization . Functions related to the hardness of the discrete logarithm problem (either modulo a prime or in a group defined over an elliptic curve ) are not known to be trapdoor functions, because there

2016-480: The compiler recompiled from original source with the compromised compiler executable: the backdoor has been bootstrapped. This attack dates to a 1974 paper by Karger and Schell, and was popularized in Thompson's 1984 article, entitled "Reflections on Trusting Trust"; it is hence colloquially known as the "Trusting Trust" attack. See compiler backdoors , below, for details. Analogous attacks can target lower levels of

2072-597: The compiler was. It is believed that the Induc-A virus had been propagating for at least a year before it was discovered. In 2015, a malicious copy of Xcode, XcodeGhost , also performed a similar attack and infected iOS apps from a dozen of software companies in China. Globally, 4,000 apps were found to be affected. It was not a true Thompson Trojan, as it does not infect development tools themselves, but it did prove that toolchain poisoning can cause substantial damages. Once

2128-443: The compiler, this in turn can be fixed by recompiling the compiler, removing the backdoor insertion code. This defense can in turn be subverted by putting a source meta-backdoor in the compiler, so that when it detects that it is compiling itself it then inserts this meta-backdoor generator, together with the original backdoor generator for the original program under attack. After this is done, the source meta-backdoor can be removed, and

2184-450: The compiler-under-test. That source, compiled with both compilers, results in two different stage-1 compilers, which however should have the same behavior. Thus the same source compiled with both stage-1 compilers must then result in two identical stage-2 compilers. A formal proof is given that the latter comparison guarantees that the purported source code and executable of the compiler-under-test correspond, under some assumptions. This method

2240-421: The following two examples, we always assume that it is difficult to factorize a large composite number (see Integer factorization ). In this example, the inverse d {\displaystyle d} of e {\displaystyle e} modulo ϕ ( n ) {\displaystyle \phi (n)} ( Euler's totient function of n {\displaystyle n} )

2296-594: The infected machines. Others, such as the Sony/BMG rootkit , placed secretly on millions of music CDs through late 2005, are intended as DRM measures—and, in that case, as data-gathering agents , since both surreptitious programs they installed routinely contacted central servers. A sophisticated attempt to plant a backdoor in the Linux kernel , exposed in November 2003, added a small and subtle code change by subverting

DoublePulsar - Misplaced Pages Continue

2352-460: The machine code of the untrusted compiler before using it. As mentioned above, there are ways to hide the Trojan horse, such as subverting the disassembler; but there are ways to counter that defense, too, such as writing a disassembler from scratch. A generic method to counter trusting trust attacks is called diverse double-compiling . The method requires a different compiler and the source code of

2408-474: The mid-1970s with the publication of asymmetric (or public-key) encryption techniques by Diffie , Hellman , and Merkle . Indeed, Diffie & Hellman (1976) coined the term. Several function classes had been proposed, and it soon became obvious that trapdoor functions are harder to find than was initially thought. For example, an early suggestion was to use schemes based on the subset sum problem . This turned out rather quickly to be unsuitable. As of 2004 ,

2464-484: The most vulnerable system. Default passwords (or other default credentials) can function as backdoors if they are not changed by the user. Some debugging features can also act as backdoors if they are not removed in the release version. In 1993, the United States government attempted to deploy an encryption system, the Clipper chip , with an explicit backdoor for law enforcement and national security access. The chip

2520-486: The object code. Further, object code backdoors can be removed (assuming source code is available) by simply recompiling from source on a trusted system. Thus for such backdoors to avoid detection, all extant copies of a binary must be subverted, and any validation checksums must also be compromised, and source must be unavailable, to prevent recompilation. Alternatively, these other tools (length checks, diff, checksumming, disassemblers) can themselves be compromised to conceal

2576-493: The original exploit in 2002, and, in 2009, Wheeler wrote a historical overview and survey of the literature. In 2023, Cox published an annotated version of Thompson's backdoor source code. Thompson's version was, officially, never released into the wild. However, it is believed that a version was distributed to BBN and at least one use of the backdoor was recorded. There are scattered anecdotal reports of such backdoors in subsequent years. In August 2009, an attack of this kind

2632-399: The second task, the compiler's source code would appear "clean".) What's worse, in Thompson's proof of concept implementation, the subverted compiler also subverted the analysis program (the disassembler ), so that anyone who examined the binaries in the usual way would not actually see the real code that was running, but something else instead. Karger and Schell gave an updated analysis of

2688-421: The security of the system in some fashion. A trapdoor function is a collection of one-way functions { f k  : D k → R k } ( k ∈ K ), in which all of K , D k , R k are subsets of binary strings {0, 1} , satisfying the following conditions: If each function in the collection above is a one-way permutation, then the collection is also called a trapdoor permutation . In

2744-480: The source code, and the resulting compromised compiler (object code) can compile the original (unmodified) source code and insert itself: the exploit has been boot-strapped. This attack was originally presented in Karger & Schell (1974), which was a United States Air Force security analysis of Multics , where they described such an attack on a PL/I compiler, and call it a "compiler trap door". They also mention

2800-452: The system and tools being needed to conceal a single change. As object code can be regenerated by recompiling (reassembling, relinking) the original source code, making a persistent object code backdoor (without modifying source code) requires subverting the compiler itself—so that when it detects that it is compiling the program under attack it inserts the backdoor—or alternatively the assembler, linker, or loader. As this requires subverting

2856-467: The system to bypass security facilities and permit direct access to data. The use of the word trapdoor here clearly coincides with more recent definitions of a backdoor. However, since the advent of public key cryptography the term trapdoor has acquired a different meaning (see trapdoor function ), and thus the term "backdoor" is now preferred, only after the term trapdoor went out of use. More generally, such security breaches were discussed at length in

SECTION 50

#1732776435756

2912-612: The system, such as the operating system, and can be inserted during the system booting process; these are also mentioned by Karger and Schell in 1974, and now exist in the form of boot sector viruses . A traditional backdoor is a symmetric backdoor: anyone that finds the backdoor can in turn use it. The notion of an asymmetric backdoor was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology – Crypto '96 . An asymmetric backdoor can only be used by

2968-509: The then-vice president of the nation– and of the candidates themselves. A backdoor may take the form of a hidden part of a program, a separate program (e.g. Back Orifice may subvert the system through a rootkit ), code in the firmware of the hardware, or parts of an operating system such as Windows . Trojan horses can be used to create vulnerabilities in a device. A Trojan horse may appear to be an entirely legitimate program, but when executed, it triggers an activity that may install

3024-495: Was applied by its author to verify that the C compiler of the GCC suite (v. 3.0.4) contained no trojan, using icc (v. 11.0) as the different compiler. In practice such verifications are not done by end users, except in extreme circumstances of intrusion detection and analysis, due to the rarity of such sophisticated attacks, and because programs are typically distributed in binary form. Removing backdoors (including compiler backdoors)

3080-467: Was discovered by Sophos labs. The W32/Induc-A virus infected the program compiler for Delphi , a Windows programming language. The virus introduced its own code to the compilation of new Delphi programs, allowing it to infect and propagate to many systems, without the knowledge of the software programmer. The virus looks for a Delphi installation, modifies the SysConst.pas file, which is the source code of

3136-471: Was unsuccessful. Recent proposals to counter backdoors include creating a database of backdoors' triggers and then using neural networks to detect them. The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted. Petersen and Turn discussed computer subversion in a paper published in the proceedings of the 1967 AFIPS Conference. They noted a class of active infiltration attacks that use "trapdoor" entry points into

#755244