Back doors

In the 1983 movie "War Games," a young computer cracker (played by a very young Matthew Broderick) becomes interested in breaking through security on a computer system he's located by automatic random dialing ("war dialing") of telephone numbers. Thinking that he's cracking into a video-game site, he eventually manages to break security by locating a secret password that gives him the power to bypass normal limitations. He goes on to play Global Thermonuclear War - which nearly results in the real thing.

The unauthorized, undocumented part of the source code that bestows special privileges is, in the language of computer security, a "back door," sometimes called a "trap door." A back door will not necessarily cause harm by itself; it merely allows access to program functions - including normal functions - by breaching normal access controls.

Why would anyone install a back door in a program?

In cases where the culprit means no harm, back doors are leftovers from the development and testing phases of software development. When functions are deep in nested series of commands or screens, programmers often insert a shortcut that lets them go directly to a specific function or screen so they can continue testing from that point rather than having to go through the entire sequence of data entry, menu-item selection, and so on. Such shortcuts can significantly shorten testing time for those people unfortunate enough still to be using manual quality assurance techniques (as opposed to automated testing).

The problem occurs when the programmers forget to remove the back doors. When this happens, a poorly tested program can enter production (use for real business or distribution to real customers) with a dangerous, undocumented feature that can bypass normal restrictions such as edit checks during data entry. Back doors of this kind sometimes result in data corruption, as when a database program allows someone to short-circuit the usual validation of entered data and simply lets a user cut directly to an update function that happens to have bad data in the input buffers.
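The failure described above, shown as an added example that is not from the original article: a data-entry routine with a leftover testing shortcut, next to a hardened form in which the update function enforces the edit checks itself. The key sequence `^T^T`, the record layout and all function names are hypothetical.

```python
import re

DB = {}  # stand-in for the production table (constructed for this example)

def validate(record):
    """The edit checks that normal data entry applies."""
    errors = []
    if not re.fullmatch(r"[A-Z]{2}\d{4}", str(record.get("account", ""))):
        errors.append("account must look like AB1234")
    amount = record.get("amount")
    if type(amount) is not int or not 0 < amount <= 10_000:
        errors.append("amount must be an integer from 1 to 10000")
    return errors

def raw_update(record):
    """Update function that trusts whatever is in the input buffer."""
    DB[record["account"]] = record["amount"]

def entry_with_back_door(keys, input_buffer):
    """Before: a testing shortcut that was never removed."""
    if keys == "^T^T":  # hypothetical undocumented key sequence
        raw_update(input_buffer)  # cuts straight to the update, no edit checks
        return []
    errors = validate(input_buffer)
    if not errors:
        raw_update(input_buffer)
    return errors

def checked_update(record):
    """After: the update itself refuses unvalidated data, whoever calls it."""
    errors = validate(record)
    if errors:
        raise ValueError("; ".join(errors))
    DB[record["account"]] = record["amount"]

def entry_hardened(keys, input_buffer):
    """After: no key sequence changes the path; keys are ignored here."""
    try:
        checked_update(input_buffer)
        return []
    except ValueError as exc:
        return str(exc).split("; ")

if __name__ == "__main__":
    bad = {"account": "ZZ9999", "amount": -5}  # constructed bad buffer contents
    print(entry_with_back_door("^T^T", bad), DB)  # bad row is stored
    DB.clear()
    print(entry_hardened("^T^T", bad), DB)  # rejected, table stays empty
```

Placing the check inside the update function means a shortcut that is forgotten in some other screen still cannot write unvalidated data.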

Back doors are part of a program; they are distinguished from Trojan horses, which are programs with a covert purpose. A Trojan horse is a program which has undocumented or unauthorized functions that can cause harm during normal usage by innocent users as well as by criminals. Thus, many Trojan horse programs have back doors, but back doors may exist in programs that would not usually be described as Trojan horses.

A specific kind of Trojan horse program is known as an Easter Egg; this is usually an undocumented game or display intended by its authors to be harmless. Unfortunately, due to poor programming or software incompatibilities that develop as operating systems change, Easter Eggs can also cause major problems such as system lockups or crashes. All Easter Eggs depend on back doors - usually undocumented keystroke sequences - to be invoked.
