Identifying Backdoors in Production-Ready Code

By Ido Sarig

Ido Photo

The security world is abuzz with news about a “backdoor” – undocumented  access to its programmatic interface –  found in a popular FPGA manufactured in China and used in US military applications.

Whether you are concerned that this is a deliberate Chinese plot to attack Western militaries, or relieved to hear that this is just a "common" backdoor, put in for debugging purposes, you should take note of the following:

"Backdoors are a common problem in software. About 20% of home routers have a backdoor in them, and 50% of industrial control computers have a backdoor. The cause of these backdoors isn't malicious, but a byproduct of software complexity. Systems need to be debugged before being shipped to customers. Therefore, the software contains debuggers. Often, programmers forget to disable the debugger backdoors before shipping.” 

Continue reading >>

Tweet about this on TwitterShare on Google+Share on FacebookShare on LinkedInEmail this to someone