Identifying Backdoors in Production-Ready Code
By Ido Sarig
The security world is abuzz with news about a “backdoor” – undocumented access to a device's programmatic interface – found in a popular FPGA manufactured in China and used in US military applications.
Whether you are concerned that this is a deliberate Chinese plot to attack Western militaries, or relieved to hear that this is just a “common” backdoor, put in for debugging purposes, you should take note of the following:
“Backdoors are a common problem in software. About 20% of home routers have a backdoor in them, and 50% of industrial control computers have a backdoor. The cause of these backdoors isn't malicious, but a byproduct of software complexity. Systems need to be debugged before being shipped to customers. Therefore, the software contains debuggers. Often, programmers forget to disable the debugger backdoors before shipping.”