A backdoor is a piece of software (often built in by the author) that allows users to gain access to the computer or any other proprietary feature of a computer program by bypassing normal access security. Examples are universal passwords for a BIOS, or special software (usually secretly installed by a Trojan) that allows remote access to the computer.
Difference between backdoor and Trojan
A Trojan horse, or Trojan for short, is a computer program or script that disguises itself as a useful application, but performs another function in the background without the user’s knowledge. The simplest example of this is a malicious program that deletes the user’s files, but whose filename suggests a different function. It doesn’t matter whether the “funny screensaver” actually displays a screensaver while destroying the data, or whether it simply destroys the data. The use of the misleading file name is enough to classify the program as a Trojan horse.
Trojans can also be used to install backdoor programs, but they do not necessarily have to contain them. If a Trojan hosts and installs a standalone backdoor program, the intruder accesses the installed backdoor program and not the Trojan. In this case, the Trojan merely served as a utility for stealthy installation. The Trojan can then be deleted at any time without affecting the further functioning of the backdoor program.
However, no one is stopping the developer of a backdoor program from using the technology of a Trojan. A backdoor program that disguises itself as a useful application (for example, a desktop clock that secretly provides remote access to the computer) is a hybrid between a backdoor and a Trojan. If such a program is terminated or even deleted, the secret backdoor function is no longer available.
Examples of Backdoor
One variant is to build into a system fixed passwords that are known only to its creator, or other hidden functions that allow access without the usual authentication. A well-known example of this is the hash code assigned by Award Software over several years, which the BIOS universal password “lkwpeter” matches.
Software that provides remote access to the computer includes programs such as Sub Seven and Back Orifice. In 1999, a variable called NSAKEY was found in Windows, and a backdoor was suspected there as well.
The routers from Cisco Systems, which handle large parts of Internet traffic, are also equipped with backdoors for US intelligence agencies.
Movies have made backdoors known to a mass audience. In Jurassic Park, engineer Ray Arnold tries to hack into a computer system using a backdoor password.
Protection Against a Backdoor
In the case of software products, free access to their source code is an aspect of computer security. Among other things, it serves to minimize the risk that a product contains functionality that the user is not supposed to know about, such as the secret function of a backdoor.
Open-source software can be checked by the public for such functionality and can also be examined for vulnerabilities by legally unobjectionable means; vulnerabilities found this way can be closed more quickly.
Although open-source software can be examined for secret functionality and vulnerabilities by anyone with the appropriate expertise, the mere availability of the source code does not guarantee that computer users have checked it sufficiently. Security vulnerabilities that have existed in open-source software over a long period of time show this. In addition, a cleverly installed backdoor is sometimes difficult to recognize, even with in-depth specialist knowledge. The time required for an analysis is often considerable for complex programs.
It is often difficult for the user to see whether the executable program obtained from an external source was actually created with the published source code or whether a backdoor or other change was made beforehand. Here, too, it is true that with the appropriate expertise, at least in theory, a review is possible. However, this is often difficult in practice, because the binaries created during compilation can be influenced by many factors, especially with larger codebases, and there is generally no reliable way to find out under what conditions an executable was created.
One way to secure the compilation step is to create reproducible builds. The software is compiled reproducibly, that is, deterministically, so anyone can compile it themselves and check that the distributed executable was built from the corresponding source code and that no backdoor was introduced during the build process.
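
The check described above, as an added example that is not part of the original article: a published artifact is compared bit for bit with an independent rebuild, and when the two differ, the comparison reports whether file contents or only metadata (here an embedded build timestamp) changed. It assumes artifacts are tar archives; the function names, file names and sample builds are constructed for illustration.

```python
import hashlib
import io
import tarfile


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def make_archive(files: dict, mtime: int) -> bytes:
    """Stand-in for a build: pack files in sorted order with a fixed timestamp."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        for name in sorted(files):
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(files[name]), mtime
            tar.addfile(info, io.BytesIO(files[name]))
    return buf.getvalue()


def member_hashes(archive: bytes) -> dict:
    """Map each regular file in the archive to the SHA-256 of its content."""
    with tarfile.open(fileobj=io.BytesIO(archive)) as tar:
        return {m.name: sha256(tar.extractfile(m).read())
                for m in tar.getmembers() if m.isfile()}


def compare_builds(published: bytes, rebuilt: bytes) -> dict:
    """Compare a published artifact with an independent rebuild of the source."""
    if sha256(published) == sha256(rebuilt):
        return {"verdict": "reproducible", "differing": []}
    # Not bit-identical: find out whether file contents or only metadata differ.
    pub, own = member_hashes(published), member_hashes(rebuilt)
    differing = sorted(n for n in pub.keys() | own.keys() if pub.get(n) != own.get(n))
    verdict = "content-differs" if differing else "metadata-only"
    return {"verdict": verdict, "differing": differing}


# Constructed sample data (not real binaries): one source tree, four builds.
SOURCE = {"bin/clock": b"\x7fELF clock v1.0", "README": b"desktop clock\n"}
REBUILT = make_archive(SOURCE, mtime=0)                     # our own rebuild
PUBLISHED_OK = make_archive(SOURCE, mtime=0)                # deterministic build
PUBLISHED_TIMESTAMPED = make_archive(SOURCE, mtime=1700000000)  # embeds build time
PUBLISHED_MODIFIED = make_archive(                          # binary was altered
    {**SOURCE, "bin/clock": b"\x7fELF clock v1.0 + extra code"}, mtime=0)

if __name__ == "__main__":
    for artifact in (PUBLISHED_OK, PUBLISHED_TIMESTAMPED, PUBLISHED_MODIFIED):
        print(compare_builds(artifact, REBUILT))
```

A "metadata-only" result means the build is not yet reproducible even though the contents match, so the bit-for-bit check cannot vouch for it until the source of non-determinism is removed.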