Menu
Juniper warns of spying code in firewalls

Juniper warns of spying code in firewalls

The NSA has targeted Juniper firewalls in the past

Juniper, a major manufacturer of networking equipment, said on Thursday it found spying code planted in certain models of its firewalls, an alarming discovery that echoes of state-sponsored tampering.

The affected products are those running ScreenOS, one of Juniper's operating systems that runs on a range of appliances that act as firewalls and enable VPNs. ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are vulnerable, according to an advisory.

The unauthorized code was found during a recent internal review, wrote Bob Worrall, Juniper's chief information officer. He did not indicate where Juniper thinks the code originated.

Juniper has released critical patches to fix the problems.

"At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority," Worrell wrote.

The internal review uncovered two problems. One could allow remote administrative access to a ScreenOS device over telnet or SSH.

Although log files would reflect a login attempt, "a skilled attacker would likely remove these entries from the log file, thus effectively eliminating any reliable signature that the device had been compromised," Juniper wrote.

The second vulnerability can allow an attacker who can monitor VPN traffic to decrypt it. VPNs are encrypted connections between a user and another computer and are often used by companies to allow secure remote access to their systems for employees who are traveling.

Disturbingly, Juniper wrote that "there is no way to detect that this vulnerability was exploited."

The earliest affected version of ScreenOS, 6.2.0r15, appears to have been released in September 2012, according to documentation.

That suggests attackers may have had access to corporate firewalls and VPN connections for a long time if Juniper was compromised at that time. Firewalls are rich targets for cyberattackers since the devices monitor all data traffic flowing in and out of an organization.

The compromise of such a prominent vendor with code specifically designed for spying echoes operations by the NSA described in documents leaked in 2013 by former contractor Edward Snowden.

A December 2013 story in the German publication Der Spiegel described a 50-page catalog of hardware and software tools used by the NSA to infiltrate the equipment, including one targeted at Juniper's NetScreen appliances.

The document describes a technique nicknamed FEEDTROUGH, which is used to keep two kinds of software implants on a Juniper NetScreen firewall.  The technique is aimed at keeping the software implants on the device even if it reboots or is upgraded.

The NSA also targeted other major networking manufacturers, including Cisco and Huawei, Der Spiegel reported. 

 


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Brand Post

What to expect from your IT Distributor

Whether you’re just starting out or you’ve been around since before the dot com rollercoaster, choosing the right distribution partner can be a pivotal factor in your success. This definitive guide outlines the traits that every IT partner needs to look for in their IT Distributor.

Featured

Slideshows

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners

This year’s Reseller News 30 Under 30 Tech Awards were held as an integral part of the first entirely virtual Emerging Leaders​ forum, an annual event dedicated to identifying, educating and showcasing the New Zealand technology market’s rising stars. The 30 Under 30 Tech Awards 2020 recognised the outstanding achievements and business excellence of 30 talented individuals​, across both young leaders and those just starting out. In this slideshow, Reseller News honours this year's winners and captures their thoughts about how their ideas of leadership have changed over time.​

Meet the Reseller News 30 Under 30 Tech Awards 2020 winners
Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security

This exclusive Reseller News Exchange event in Auckland explored the challenges facing the partner community on the cloud security frontier, as well as market trends, customer priorities and how the channel can capitalise on the opportunities available. In association with Arrow, Bitdefender, Exclusive Networks, Fortinet and Palo Alto Networks. Photos by Gino Demeer.

Reseller News Exchange Auckland: Beyond the myths — how partners can master cloud security
Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomes industry figures at 2020 Hall of Fame lunch

Reseller News welcomed 2019 inductees - Leanne Buer, Ross Jenkins and Terry Dunn - to the fourth running of the Reseller News Hall of Fame lunch, held at the French Cafe in Auckland. The inductees discussed the changing face of the IT channel ecosystem in New Zealand and what it means to be a Reseller News Hall of Fame inductee. Photos by Gino Demeer.

Reseller News welcomes industry figures at 2020 Hall of Fame lunch
Show Comments