Hackers can gain access to Juniper products running ScreenOS, the company itself has announced. A backdoor has been found in NetScreen firewalls that gives attackers administrative access and the ability to decrypt VPN traffic.
The company doesn’t know how the unauthorized code got there, or for how long it has been inside its software. Juniper warns that NetScreen firewalls running ScreenOS 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r20 are affected, and recommends patching immediately.
Juniper’s release notes suggest the code was introduced in 2012. However, ScreenOS 6.2 was launched in 2008, so it is possible the backdoor has been present in the software for the past seven years or so.
The company has declined to speak with the countless journalists who have e-mailed it since the news broke yesterday.
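The version ranges above are the only indicator of an affected device that the advisory gives, so the first practical check is to run `get system` on every NetScreen device and compare the reported software version against those ranges. The script below is an added example written for this article, not code from Juniper or from the original piece; it assumes the ScreenOS version string format major.minor.patch followed by an "r" release number and an optional build suffix (for example 6.3.0r19.0), assumes `get system` prints a "Software Version:" line in that form, and the sample device outputs are constructed rather than captured from real hardware.

```python
import re
from typing import Dict, Optional, Tuple

Version = Tuple[int, int, int, int]

# Affected ScreenOS release ranges as stated in the Juniper advisory
# quoted above; both ends are inclusive.
AFFECTED_RANGES = [
    ((6, 2, 0, 15), (6, 2, 0, 18)),
    ((6, 3, 0, 12), (6, 3, 0, 20)),
]

# Assumed ScreenOS version format: "6.3.0r19" or "6.3.0r19.0"
# (major.minor.patch, 'r', release number, optional .build).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)r(\d+)(?:\.\d+)?$")

# Assumed format of the line printed by the CLI command "get system".
_SWVER_RE = re.compile(r"Software Version:\s*([\w.]+)")


def parse_screenos_version(version: str) -> Optional[Version]:
    """Turn '6.3.0r19.0' into (6, 3, 0, 19); None if it is not a ScreenOS version."""
    m = _VERSION_RE.match(version.strip())
    if m is None:
        return None
    major, minor, patch, release = (int(g) for g in m.groups())
    return (major, minor, patch, release)


def is_affected(version: str) -> Optional[bool]:
    """True/False for a parseable version, None when the string is unrecognised."""
    parsed = parse_screenos_version(version)
    if parsed is None:
        return None
    # Tuple comparison is lexicographic, so 6.3.0r12 <= v <= 6.3.0r20 works
    # component by component and 6.3.1rN correctly falls outside the range.
    return any(low <= parsed <= high for low, high in AFFECTED_RANGES)


def version_from_get_system(output: str) -> Optional[str]:
    """Extract the version string from captured 'get system' output, or None."""
    m = _SWVER_RE.search(output)
    return m.group(1) if m else None


def triage(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map device name -> 'affected' / 'not affected' / 'unknown'.

    'unknown' covers devices whose output had no recognisable version line,
    which still need a manual look rather than being silently treated as safe.
    """
    result: Dict[str, str] = {}
    for device, output in inventory.items():
        version = version_from_get_system(output)
        verdict = is_affected(version) if version is not None else None
        if verdict is None:
            result[device] = "unknown"
        elif verdict:
            result[device] = "affected"
        else:
            result[device] = "not affected"
    return result


# Constructed sample outputs for the example; not captured from real devices.
SAMPLE_INVENTORY = {
    "fw-branch-01": "Product Name: NS-5GT\nSoftware Version: 6.3.0r19.0, Type: Firewall+VPN\n",
    "fw-branch-02": "Product Name: NS-5GT\nSoftware Version: 6.3.0r21.0, Type: Firewall+VPN\n",
    "fw-dc-01": "Product Name: SSG-550\nSoftware Version: 6.2.0r15.0, Type: Firewall+VPN\n",
    "fw-legacy": "Product Name: NS-204\nSoftware Version: 5.4.0r10.0, Type: Firewall+VPN\n",
    "fw-offline": "connection timed out\n",
}

if __name__ == "__main__":
    for device, verdict in sorted(triage(SAMPLE_INVENTORY).items()):
        print(f"{device}: {verdict}")
```

A device reported as "not affected" only means its version is outside the ranges the advisory lists; it says nothing about whether the device was reached through one of the affected ones, and the hypothetical "fw-offline" entry shows why an unreachable device must be surfaced as "unknown" rather than dropped from the list.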
What can hackers do if they gain access?
An attacker who can monitor VPN traffic passing through an affected device can decrypt it.
The code also provides remote administrative access to devices running ScreenOS over SSH or telnet.
How did the code get there?
There are two scenarios at the moment. The first is that rejected code was left in production releases of the operating system through an internal SNAFU. That would be incredibly troublesome, with dire consequences for the company’s customers, but it is far better than the second scenario.
The second theory is that a third party hid the code in ScreenOS in order to gain access to Juniper customers’ networks, and potentially to do damage. That third party could very well be the NSA.
Classified documents leaked by former NSA contractor Edward Snowden showed that NSA agents could intercept network gear from Cisco Systems while it was being shipped to its buyers.
The NSA installed unwanted, and arguably illegal, firmware on countless devices before they reached their final destination.
Maintaining covert firmware on a device for so long is highly complicated. However, in 2013 an article published by Der Spiegel, based on a leaked NSA catalogue, showed that an NSA implant known as FEEDTROUGH was built to work against Juniper firewalls and gave the agency persistent access via backdoors.
The article reported that the implant tunnelled into Juniper firewalls and let the NSA smuggle its own programs into mainframe computers. Those programs are not removed by a reboot or a software upgrade.
According to the catalogue, FEEDTROUGH has been deployed on many target platforms.
Juniper’s advisory doesn’t hint at the NSA. In fact, the company currently has no leads as to who the perpetrator was.
The company has said there is no evidence that the unauthorized code was added to other Juniper operating systems or products.