How do backdoors work?

Question

I always hear about backdoors and I understand the main purpose but I have some questions:

In what kind of software/web application/OS can I find them ?
How can I recognize one ?
How do I prevent them ?
Is the analogy good to compare them to have root access (in a Linux way) ?
Any more relevant information about them.

score 39 · Accepted Answer · answered Jun 10 '15 at 10:13

In what kind of software/webapplication/OS can I found them ?

Literally anything.

How can I recognize one ?

By reverse engineering the software and carefully analysing it for flaws in authentication and access control, as well as issues with memory access in native applications. It's the same process by which you'd find any other vulnerability. This is not a trivial task, and entire books have been written on the subject.

If you're looking to know the difference between a generic security vulnerability and a backdoor, the difference is the intent of the programmer who put it there. You have to find evidence and use intuition to identify if it was purposeful or not. Usually this is not a yes/no answer.

How do I prevent them ?

You basically can't. You just have to expect software to be broken and have a plan to (a) keep things up to date, and (b) deal with it should there be a breach. It's not about if, it's about when.

Is the analogy good to compare them to have root access (in a Linux way) ?

Not exactly. A backdoor is anything that provides a lesser-authorised user to gain access to something they shouldn't. The backdoor might allow full access to an unauthenticated user, or it might allow some limited access to an unauthenticated user, or it might allow an authenticated low-privilege user to gain access to something at a higher privilege level.

Any more relevent informations about them.

There isn't much, really. Backdoors are just intentional faults put into code to give someone access outside of the normal security model.

Although you can't prevent back doors, you can minimise the impact by applying least privilege and containerisation. — paj28, Jun 11 '15 at 07:46
You would not build a castle without one, or more (for redundancy). The trick is keeping them a secret. — mckenzm, Feb 18 '16 at 06:37

score 12 · Answer 2 · edited Mar 17 '17 at 13:14

Backdoors are part of the software itself. They are placed in the source code (or hardware) from the start. It allows the original coder some sort of access through their software or hardware. With that in mind:

In what kind of software/webapplication/OS can I found them?

Due to the nature of backdoors there is no kind of software that specifically has backdoors. They can be in any piece of software or hardware on any platform.

How can I recognize one?

If you suspect that a piece of hardware or software has a backdoor you'll need to analyze it. Reverse engineer the binary to find the anomaly. This can be time consuming. A lot of the techniques talked about in this question and answer apply to analyzing a piece of software.

How do I prevent them?

Backdoors are deliberately inserted into computer systems by the originator. There is no prevention. If you find a backdoor it might be possible to patch it yourself. However, with the increased amount of code signed binaries this might be prove to become more difficult.

Is the analogy good to compare them to have root access (in a Linux way)?

While backdoors can give root access it's not really an analogy. A better analogy would be asking a locksmith to install locks in your home, and while he's there he installs a special lock that while it opens with the key he gave you it also opens with a key he has.

Any more relevent informations about them.

The important thing to remember about backdoors is that they are deliberate. They aren't bugs in the code. The developer/designer placed a vulnerability within the system on purpose. Some backdoors can be easy to spot. For example, you buy a router and you notice that there is an extra admin account that you didn't create. Others might require specific exploitation of a software vulnerability to leverage it. They come in all shapes and sizes (just like other vulnerabilities).

An Example of a Backdoor in an Open Source Project
Web Backdoor Example

Backdoors are not always a part of a software. They can be a separate entity too. For eg: Netcat can be used as a backdoor too. — ρss, Jun 10 '15 at 11:46
Thanks. Could you give me an example of how a backdoor is coded (in any language language-like you want) ? — Kruncho, Jun 10 '15 at 11:47
@pss With respect to backdoors there is always a portion of code that was deliberately inserted into a system. If you use another piece of software to take advantage of it, that piece of software isn't the backdoor. It's just used to access the backdoor. — RoraΖ, Jun 10 '15 at 11:55
@Kruncho Take a look at An Example of a Backdoor in an Open Source Project — RoraΖ, Jun 10 '15 at 11:56
@Kruncho Also take a look at this link for a web app example. — RoraΖ, Jun 10 '15 at 12:04
@raz It is true that it can be a piece of a code that could be shipped with some other software or a hardware. In my opinion Backdoor seems to be a confusing term. It is sometimes referred as a method of circumventing the security and sometimes as a software/hardware. :) — ρss, Jun 10 '15 at 12:06

How do backdoors work?

2 Answers2