What a Backdoor is and How to protect yourself from these Attacks

Page content

Rather than bugs which accidentally make it into many application is a backdoor intentionally programmed into a piece of software and hidden from the users and the administrative GUI. You usually simply don’t know when a backdoor exists on system, program or hardware device. What’s more is that backdoors usually permit to make use of the software or hardware with the most elevated privileges such as root or administrator for example. In turn, credentials which exist in plain sight and which can be managed by you or the admins do not qualify as backdoor.

Backdoors are a definitely not a good practice because the use of backdoors cannot be monitored and accounted for despite that a vendor perhaps ‘merely’ wanted to have a plan B should the software’s or device’s main password have been lost or forgotten. As you can see from this example are backdoors not necessarily something illegal, but definitely a security risk rather to be found in niche software of local vendors that in a blue chips mainstream software company.

By definition does a backdoor usually give root or admin privileges. As malicious code found in a virus or a Trojan horse normally lacks that most privileged account characteristic they are not considered backdoors with the exception of rootkits, invisible malware flying under the radar of the operating system and anti-virus program, which includes a backdoor including remote access. Yet, please note that by means of keylogger malware a hacker may intercept the admin password which later, in phase two of the attack permits the cybercriminal to create a backdoor of some sort.

As a best practice to prevent vendor backdoors it is recommend to include the topic in the service level agreement, whereas due care is needed in all other cases. This includes, but is not limited to restricting disgruntled staff or employees who have been given notice from creating accounts with admin rights to the mandatory, updated antivirus / antispyware on a patched system. Technically, an intrusion prevention and detection system can be helpful against backdoors, and all efforts against backdoors can be leveraged with IT security audits of course.