Examples of back doors

Back doors (or "trap doors," as they are often called) have been known for decades. Let's look at some of the history. Willis Ware wrote about them 32 years ago:

"Trap-door entry points often are created deliberately during the design and development stage to simplify the insertion of authorized program changes by legitimate system programmers, with the intent of closing the trap-door prior to operational use. Unauthorized entry points can be created by a system programmer who wishes to provide a means for bypassing internal security controls and thus subverting the system. There is also the risk of implicit trap-doors that may exist because of incomplete system design - i.e., loopholes in the protection mechanisms. For example, it might be possible to find an unusual combination of system control variables that will create an entry path around some or all of the safeguards."

Early experiments in cracking the MULTICS operating system developed by Honeywell and the Massachusetts Institute of Technology located back doors in that environment in trials from 1972 to 1975, allowing the researchers to obtain maximum security capabilities on several MULTICS systems (see Karger & Schell for details).

In 1980, Philip Myers described the insertion and exploitation of back doors as "subversion" in a master's thesis at the Naval Postgraduate School. He pointed out that subversion, unlike penetration attacks, can begin at any phase of the system development life cycle, including design, implementation, distribution, installation and production.

Donn Parker described interesting back-door cases in some papers (no longer available) from the 1980s. For example, a programmer discovered a back door left in a FORTRAN compiler by the writers of the compiler. This section of code allowed execution to jump from a regular program file to code stored in a data file. The criminal used the back door to steal computer processing time from a service bureau so he could execute his own code at other users' expense. In another case, remote users from Detroit used back doors in the operating system of a Florida time-sharing service to find passwords that allowed unauthorized and unpaid access to proprietary data and programs.

Even the U.S. government has attempted to insert back doors in code. In September 1997, Congress' proposed legislation to ban domestic U.S. encryption unless the algorithm included a back door allowing decryption on demand by law enforcement authorities moved Ron Rivest to satire. The famed co-inventor of the Public Key Cryptosystem and founder of RSA Data Security pointed out that some people believe the Bible contains secret messages and codes, so the proposed law would ban the Bible.

More recently, devices using the Palm OS were discovered to have no effective security despite the password function. Apparently, developer tools supplied by Palm allow a back-door conduit into the supposedly locked data.

Distributed denial-of-service zombie or slave programs are examples of a type of back door, although they don't offer total control of the contaminated system. These tools allow the user of a master or controller program to issue (usually) encrypted messages that direct a stream of packets at a designated IP address at a specific time. With hundreds or thousands of such infected systems responding all at once, almost any target on the Internet can be swamped.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

More about HoneywellMassachusetts Institute of Technology

Show Comments