A backdoor attack is a type of cybersecurity threat that could put companies, websites, and internet users at risk. The term covers a wide range of common cyberattacks, targeting everyone from individuals to government agencies and international corporations. So what is a backdoor attack, and how dangerous can it be?
A backdoor is any route by which someone can circumvent normal security measures to access a system. Pieces of software often come with backdoors built into their code so that engineers and developers can bypass their own defenses to fix problems for their users.
Backdoor attacks involve cybercriminals using these entry points to gain unauthorized access to data and systems. These incidents often go undetected, at least at first, because the hackers didn’t have to disrupt or break through any of the cybersecurity systems in place. Once they have remote access to a network or device, a bad actor can install malware, steal data, and spy on user activity.
Backdoor attacks can be extremely dangerous because they often give hackers a very high level of access and privileges within a system or network. If they can do this without being detected, they can then squat there for months, monitoring user activity. Here are just some of the dangers posed by backdoor attacks.
Backdoor intrusions have been discussed as a potential threat for more than half a century. As soon as the first networked, multi-user operating systems were developed around the middle of the 20th century, the threat of unauthorized access and subversion became a possibility.
In 1967, a paper published at a conference of the American Federation of Information Processing Societies discussed the risks of “trapdoor” attacks, in reference to what we now call backdoor attacks.
Flash forward to the 1990s, when personal computers and even early hand-held mobile devices were becoming more widely available. The US’s National Security Agency began developing a new project: the Clipper chip. In theory, the Clipper chip could be added to phones and computers as a standard part of the manufacturing process, giving authorities a secure backdoor into all US devices.
There was an outcry from privacy and security experts, who saw how easily this backdoor hardware could be hijacked and exploited by bad actors, and Clipper was abandoned. That may also have been due to the project’s spiraling costs.
To this day, the NSA is still accused of trying to insert or exploit backdoors in software and applications. The company Juniper Networks, whose devices are widely used by US government agencies, uncovered a flaw in its encryption algorithm, which had been used by cybercriminals to steal data. The algorithm was created by the NSA, which has led some to wonder if the so-called flaw was actually a backdoor, intended to give NSA agents access to certain devices.
Backdoor attacks vary depending on the types of backdoors they use. We’ll explore those different options now.
Lots of software developers include backdoors in their programs to give them easy administrative access to various areas of their own systems. Doing so can help them to troubleshoot user problems and fix vulnerabilities quickly. However, if these backdoors are discovered by cybercriminals, they can be used to launch cyber attacks.
A malicious backdoor is one created for a malicious purpose. This process may involve hackers installing backdoor malware through a targeted phishing email. For example, a bad actor might infect the device of a government employee with a backdoor trojan and then, through the infected device, begin worming their way into whatever networks the employee has access to. If the hacker can eventually gain access to the code of an operating system, they can add backdoors to allow for easy access in the future.
Many backdoors are just the result of human error. When a developer leaves a weak point in their internet security systems, it can go undetected for a long time. If bad actors find the flaw first, they can use it as a backdoor to the operating system or application.
While most backdoor attacks involve hackers gaining remote access to networks and devices through software flaws, it’s also possible to include hardware backdoors in the physical structure of a device. A good example is the Clipper chip that the NSA proposed. However, this approach is high risk for a cybercriminal, as it requires physical access to a targeted device.
A backdoor attack is not always a trojan, but it can be. Trojans are pieces of malware that install themselves covertly, hiding inside another piece of software. If you download free programs or applications — especially those hosted on disreputable or high-risk sites — they may come bundled with trojans.
Backdoor attacks that rely on malware can often use trojan attacks as a delivery mechanism. However, the term “backdoor attack” is wide-ranging, so this is just one strategy.
An early instance of a malicious backdoor appeared in 1998, when a hacking collective (Cult of the Dead Cow) created a form of malware to exploit weaknesses in the Windows operating system. This small program could be installed through a trojan without alerting the system’s user. It then allowed the hacker to remotely control the infected device.
Ten years later, we find an example of an administrative backdoor. Juniper Networks (the same company that would later be the center of another backdoor-related controversy) deliberately built backdoors into the firmware on some of their products. With a preset master password, a user could gain administrative access to the system.
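The developer-built administrative backdoor described above, and the preset master password in the Juniper case, both come down to a login check with a universal bypass. This added example (not code from the article or from any vendor) shows that shape beside an authentication check with no bypass; the usernames, passwords and master string are constructed sample values.

```python
# Added example, not from the original article. Demonstrates why a preset
# "master password" is a backdoor, and what the check looks like without one.
import hashlib
import hmac
import os

# The backdoor: one constructed secret that opens every account.
MASTER_PASSWORD = "constructed-example-master-pw"

# Constructed sample account store for the weak version (plaintext, for clarity).
USERS = {"alice": "correct horse battery staple"}


def login_with_backdoor(user: str, password: str) -> bool:
    """Weak: any user name succeeds once the preset master password is known."""
    if password == MASTER_PASSWORD:
        return True
    return USERS.get(user) == password


# Hardened: no universal credential at all. Each account has its own salted
# PBKDF2 hash, comparison is constant-time, and administrative access is a
# normal account with an admin role rather than a bypass in the check.
ITERATIONS = 200_000


def make_record(password: str) -> tuple[bytes, bytes]:
    """Return (salt, hash) for storing a password; never store the plaintext."""
    salt = os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


USER_RECORDS = {"alice": make_record("correct horse battery staple")}


def login_hardened(user: str, password: str) -> bool:
    """Succeeds only for a known user presenting that user's own password."""
    record = USER_RECORDS.get(user)
    if record is None:
        return False
    salt, expected = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, expected)
```

A code reviewer or static scanner looks for exactly the first pattern: a comparison against a constant that short-circuits the per-user check.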
Juniper Networks isn’t the only company with connections to the US government to have suffered backdoor attacks. In 2020, the software company SolarWinds, which supplies software to US government agencies, was targeted by hackers. The attackers were able to install backdoors in SolarWinds software, allowing hackers to bypass security protocols and spy on the internal activity of the US government for almost a year.
Backdoors can be perfectly legal, provided they are coded into software by the developers for legitimate reasons and used safely. As we’ve covered, backdoors can be a normal part of administrative and troubleshooting processes.
However, if a hacker finds or creates a backdoor and uses it to gain unauthorized access to a piece of software, they are breaking the law.
That doesn’t mean all hackers who go looking for backdoors are criminals, of course. Many white hat hackers work as penetration testers. These cybersecurity experts try to find accidental backdoors before the cybercriminals do so that the vulnerabilities can be patched.
Individuals can only do a limited amount to protect themselves from backdoor attacks because these incidents often involve large organizations and service providers rather than the devices of normal users.
However, if you’re an employee who’s worried about allowing hackers to sneak into your company, here are some steps you can take to protect yourself.
If you think you’re the victim of a backdoor attack, take these steps to limit the potential damage.
While there are no silver bullets when it comes to completely removing any malicious backdoors, here are a few steps you can take.
Of course, backdoor attacks aren’t the only cyber threats you need to worry about online. Here are just a few of the most common cybersecurity risks you might encounter.
While some people use the phrase trapdoor and backdoor interchangeably in the cybersecurity context, the word trapdoor has another meaning in computing that is not related to this topic.
In cryptography, a “trapdoor function” is a process in which data can move in one direction easily but cannot be reversed without a special key or piece of information.
If someone is talking about a trapdoor attack, however, they are probably referring to backdoor attacks rather than referencing the cryptographic trapdoor function.
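To make the cryptographic sense of “trapdoor” concrete, here is an added example (not from the original article) of a toy RSA-style trapdoor function: the forward direction needs only the public values, while reversing it needs the secret factorization. The primes are tiny constructed values so the brute-force search runs instantly; real keys use primes of a thousand or more bits, which is what makes the search infeasible.

```python
# Added example, not from the original article: a toy RSA trapdoor function.
# Forward (m -> c) is easy for anyone holding the public key (N, E).
# Reversing (c -> m) is easy only with the trapdoor: the factors P and Q.

P, Q = 61, 53             # constructed toy primes; these ARE the trapdoor
N = P * Q                 # 3233, the public modulus
E = 17                    # public exponent, coprime to (P-1)*(Q-1)


def private_exponent(p: int, q: int, e: int) -> int:
    """Derive the private exponent d from the factorization (Python 3.8+ modular inverse)."""
    return pow(e, -1, (p - 1) * (q - 1))


def forward(m: int, n: int = N, e: int = E) -> int:
    """The easy direction: c = m^e mod n, using only public values."""
    return pow(m, e, n)


def invert_with_trapdoor(c: int, p: int = P, q: int = Q, e: int = E) -> int:
    """The reverse direction, given the trapdoor: m = c^d mod n."""
    d = private_exponent(p, q, e)
    return pow(c, d, p * q)


def invert_without_trapdoor(c: int, n: int = N, e: int = E) -> int:
    """Without the trapdoor the only route is to search; cost grows with n,
    which is why this is practical for n = 3233 and not for a real key."""
    for m in range(n):
        if pow(m, e, n) == c:
            return m
    raise ValueError("no preimage found")
```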