During a recent internal review, Juniper Networks, one of the big US companies that produces networking devices and software, discovered unauthorized code that can compromise such devices.
The company announced the presence of this code on Thursday and immediately released critical patches to fix the issue.
It recommended that users download and install these patches to protect themselves from any future attack.
The only vulnerable products are those running certain versions of Juniper Networks’ operating system, ScreenOS.
The affected versions are 6.2.0r15 – 6.2.0r18 and 6.3.0r12 – 6.3.0r20.
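One way to triage a device inventory against the version ranges above (an added example, not code from Juniper or from this article; the hostnames, the version-string variants and the function names are constructed for illustration):

```python
import re

# Affected ranges exactly as stated in the article: branch -> (first, last) release.
AFFECTED = {"6.2.0": (15, 18), "6.3.0": (12, 20)}

# Matches the "<branch>r<release>" core of a version string and tolerates surrounding
# text, upper-case "R" or a trailing suffix (assumed variants, e.g. "6.3.0r17.0").
_VERSION_RE = re.compile(r"(?<![\d.])(\d+\.\d+\.\d+)r(\d+)", re.IGNORECASE)

def parse_screenos(version):
    """Return (branch, release) such as ("6.3.0", 17), or None if unparseable."""
    m = _VERSION_RE.search(version)
    return (m.group(1), int(m.group(2))) if m else None

def classify(version):
    """Classify one version string as 'affected', 'not-listed' or 'unknown'."""
    parsed = parse_screenos(version)
    if parsed is None:
        return "unknown"  # unparseable: needs a manual check, not a pass
    branch, release = parsed
    bounds = AFFECTED.get(branch)
    if bounds and bounds[0] <= release <= bounds[1]:
        return "affected"
    return "not-listed"  # outside the ranges quoted in the article, nothing more

def triage(inventory):
    """Group hostnames from a {host: version} mapping by classification."""
    result = {"affected": [], "not-listed": [], "unknown": []}
    for host, version in inventory.items():
        result[classify(version)].append(host)
    return result

# Constructed sample inventory (hypothetical hosts and version strings).
SAMPLE = {
    "fw-branch-01": "6.3.0r17.0",
    "fw-branch-02": "ScreenOS 6.2.0r18",
    "fw-dc-01": "6.3.0r21",
    "fw-dc-02": "6.2.0r14",
    "fw-lab-01": "6.3.0R12",
    "fw-old-01": "5.4.0r28",
    "fw-unk-01": "n/a",
}

if __name__ == "__main__":
    for status, hosts in triage(SAMPLE).items():
        print(status, sorted(hosts))
```

Devices reported as "unknown" should be checked by hand rather than treated as unaffected.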
The good news is that Juniper Networks have had no reports that the vulnerable NetScreen devices have actually been exploited.
The bad news is that if they were to be exploited, it could happen in two ways, both of which are very difficult or impossible to detect.
The first scenario consists of a competent hacker getting administrative access to a Juniper device. This access can be gained remotely. Once the hacker has administrative access, they can simply delete the log files that record their passage. No sign would then be left of the attack or of the operations performed.
The second scenario involves a likewise competent hacker being able to decrypt data sent via VPNs that use vulnerable Juniper devices. Neither the company nor the user has any means of detecting whether such a decryption took place.
The disturbing part is that the unauthorized code allows for these two scenarios because it works by compromising the firewall on those Juniper devices running the above-mentioned operating system. In essence, the barrier that should protect your computer from threats from the “outside” (the whole web) is itself the vulnerability, the entry point.
On top of that, the unauthorized code is designed to spy, not to disable or damage your computer or cost you any money, which strongly suggests state involvement rather than freelance hackers or hacker organizations.
Also worth noting is that the Juniper Networks spy code alert comes just two years after the German Der Spiegel published an article on the NSA’s frequent security breaches of the company’s devices, including the methods used (FEEDTROUGH, a toolkit that inserts software implants on NetScreen devices that remain active even after a reboot or upgrade).
Edward Snowden’s allegations that the NSA and other US intelligence agencies intercept and alter technology products on a regular basis also date from around 2013.
So why are these reports from 2 years ago relevant for the alert issued yesterday? Simple: the earliest affected ScreenOS version, 6.2.0r15, is dated 2012.
It all fits together, and it is plausible to assume that this recently discovered breach is in fact state-sponsored.
What are your thoughts on the matter?