The IT Law Wiki

Back door

[W]hen you build a back door . . . for the good guys, you can be assured that the bad guys will figure out how to use it as well.[1]

Definitions

A back door (often spelled backdoor) (also called a trap door, trapdoor or golden key) is

[a] method of regaining remote control of a victim's computer by reconfiguring installed legitimate software or the installation of a specialized program designed to allow access under attacker-defined conditions. Trojan horse programs and rootkits often contain backdoor components.[2]
[t]ypically unauthorized hidden software or hardware mechanism used to circumvent security controls.[3]
[a] hardware or software mechanism that (a) provides access to a system and its resources by other than the usual procedure, (b) maintainers, and (c) usually is not publicly known.[4]
malicious code that allows unauthorized access to a program, computer system, online service or network by accepting remote commands from an attacker elsewhere on the Internet. Back door software reconfigures installed legitimate software or installs specialized programs designed to allow access under attacker-defined conditions. The software "listens" for commands on a certain Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) port.
[a] hole or access point left, by design, in the program by the original programmer or developer. Usually used by programmers to simplify the program-testing procedures; however, on occasion, programmers forget to close these holes or are not aware of other holes created by the original backdoor.[5]
[a] computer system feature — which may be (a) an unintentional flaw, (b) a mechanism deliberately installed by the system's creator, or (c) a mechanism surreptitiously installed by an intruder — that provides access to a system resource by other than the usual procedure and usually is hidden or otherwise not well-known.[6]
an undocumented entry point into a computer program, which is generally inserted by a programmer to allow access to the program.[7]
[a]n entry point to a program or a system that is hidden or disguised, often created by the software's author for maintenance. A certain sequence of control characters permits access to the system manager account. If the back door becomes known, unauthorized users (or malicious software) can gain entry and cause damage.[8]

Overview

A backdoor "generally circumvents security programs and provides access to a program, an online service, or an entire computer system. It can be authorized or unauthorized, documented or undocumented."[9]

Back doors allow attackers to execute remote commands and install other software, which may in turn compromise passwords or other personal data, or allow the machine to be used for further nefarious purposes. Remote access or backdoor functionality is typically now included in most Trojan horses and bot programs. A backdoor may intentionally but ill-advisedly be included in legitimate software products to facilitate remote customer support, but become an exploitable vulnerability when discovered by malicious actors. "If a backdoor is installed on a network-attached computer, a person anywhere on the Internet may be able to gain control of the computer without your knowledge or approval. A backdoor need not have malicious intent; e.g. operating systems are sometimes shipped by the manufacturer with privileged accounts for use by field service technicians or the vendor's maintenance programmers. However, they may also be used for intrusion by unauthorized persons."[10]

Most back doors consist of a client component and a server component. The client resides on the intruder's remote computer, and the server resides on the infected system. When a connection between client and server is established, the remote intruder has some degree of control over the infected computer. At a minimum, most back doors allow an attacker to perform a certain set of actions on a system, such as transferring files, acquiring passwords, or executing arbitrary commands.
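Because the server component has to listen on a TCP or UDP port of the infected system, comparing a host's listening sockets against a known baseline is a common way to surface one. The following Python sketch is an added example, not part of the original article; the `ss -H -tulnp` sample, the baseline, and every process name in it are constructed for illustration.

```python
import re
from collections import namedtuple

# process is "" when ss shows no owner (e.g. not run as root)
Listener = namedtuple("Listener", "proto addr port process")

# Constructed sample of `ss -H -tulnp` output; not captured from a real host.
SAMPLE_SS = """\
tcp LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
udp UNCONN 0 0 127.0.0.53%lo:53 0.0.0.0:* users:(("systemd-resolve",pid=640,fd=13))
tcp LISTEN 0 511 [::]:80 [::]:* users:(("nginx",pid=1001,fd=7))
tcp LISTEN 0 5 0.0.0.0:31337 0.0.0.0:* users:(("kworkerd",pid=4242,fd=4))
tcp LISTEN 0 1 127.0.0.1:8080 0.0.0.0:* users:(("nc",pid=4310,fd=3))
"""

# Hypothetical baseline for this host: (protocol, port) -> expected owner.
BASELINE = {("tcp", 22): "sshd", ("udp", 53): "systemd-resolve",
            ("tcp", 80): "nginx", ("tcp", 8080): "java"}
_OWNER = re.compile(r'users:\(\("([^"]+)"')

def parse_listeners(ss_output):
    """Return a Listener for every listening TCP / unconnected UDP socket."""
    found = []
    for line in ss_output.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] not in ("tcp", "udp") or f[1] not in ("LISTEN", "UNCONN"):
            continue  # header, blank line, or a socket that is not listening
        addr, _, port = f[4].rpartition(":")  # rpartition copes with [::]:80
        if port.isdigit():
            owner = _OWNER.search(line)
            found.append(Listener(f[0], addr, int(port), owner.group(1) if owner else ""))
    return found

def is_loopback(addr):
    host = addr.strip("[]").split("%")[0]  # drop IPv6 brackets and %iface
    return host == "::1" or host.startswith("127.")

def audit(listeners, baseline):
    """Flag listeners on unknown ports or owned by an unexpected process."""
    findings = []
    for l in listeners:
        expected = baseline.get((l.proto, l.port))
        if expected is not None and l.process in ("", expected):
            continue  # known port; owner matches or is not visible
        reason = ("port not in baseline" if expected is None
                  else f"owner {l.process!r}, expected {expected!r}")
        scope = "loopback" if is_loopback(l.addr) else "network-reachable"
        findings.append((l.proto, l.port, l.process or "unknown", scope, reason))
    return findings
```

The owner name reported by `ss` is the process's own `comm` value, which a process can change, so a mismatch is stronger evidence than a match.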

"Some of the measures that states can take to compel service providers to create backdoors include:

Another approach that gained attention in early 2016 are measures to compel companies to generate and deploy software updates that would defeat the encryption protections from a particular device, tool or service."[11]

References

  1. Encryption and Evolving Technology: Implications for U.S. Law Enforcement Investigations, Summary.
  2. Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage, at 114.
  3. CNSSI 4009.
  4. Internet Security Glossary, at 19.
  5. Internet Banking: Comptroller's Handbook, at 64-65.
  6. Internet Security Glossary 30 (RFC 4949) (Ver. 2) (Aug. 2007).
  7. Smart Grid Threat Landscape and Good Practice Guide, at 13. See also NIST Special Publication 800-82, at B-1.
  8. Symantec, Glossary (full-text).
  9. Investigations Involving the Internet and Computer Networks, at 87.
  10. Information Technology Security Handbook, Annex 1, Glossary.
  11. Encryption: A Matter of Human Rights, at 35.
