Juniper Networks has discovered a deliberately placed back door in its ScreenOS operating system, the software that powers its older lines of firewalls.
The company has issued a patch for the vulnerability but now has to grapple with the question of who inserted the code.
Juniper issued a security alert yesterday, noting that a “knowledgeable” intruder can use this back door to gain administrative access to a firewall and decrypt the VPN traffic running through it.
The affected versions of ScreenOS are 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. These all pertain to products from the former NetScreen, which Juniper acquired in 2004.
Juniper’s newer SRX line of security products is based on the Junos operating system. “We have no evidence that the SRX or other devices running Junos are impacted at this time,” Juniper’s security advisory reads.
What’s interesting is that Juniper was singled out in 2013 by Der Spiegel as having been compromised by the NSA. The German magazine described a catalogue-like document, leaked by Edward Snowden, listing technologies for wiretapping pretty much any firewall. In Juniper’s case, the NSA had a “digital lock pick” called Feedtrough that could survive software upgrades, creating a door permanently propped open.
The timing of the discovery is interesting, too, because in reaction to recent terrorist activity, some U.S. officials are calling for compulsory back doors to be added to networking equipment.