Backdoors

Backdoors ou Porta dos fundos são trechos de código mal-intencionado que criam uma ou mais falhas de segurança para dar acesso ao sistema operacional à pessoas não autorizadas. Esta falha de segurança criada é análoga a uma porta dos fundos por onde a pessoa mal-intencionada pode entrar (invadir) o sistema.
Backdoors podem ser inseridos propositalmente pelos criadores do sistema ou podem ser obra de terceiros, usando para isso um vírus, verme ou cavalo de tróia.
Em geral, quando nos referimos a um Backdoor, trata-se de um Backdoor que possa ser explorado através da internet, mas o termo pode ser usado de forma mais ampla para designar formas furtivas de se obter informações privilegiadas em sistemas de todo tipo. Por exemplo: o Clipper Chip, dispositivo de criptografia do governo norte americano, possui um Backdoor embutido pelo próprio governo que permite recuperar as informações codificadas anteriormente com o dispositivo.


1.Backdoors

Normalmente um atacante procura garantir uma forma de retornar a um computador comprometido, sem precisar recorrer aos métodos utilizados na realização da invasão. Na maioria dos casos, também é intenção do atacante poder retornar ao computador comprometido sem ser notado.

A esses programas que permitem o retorno de um invasor a um computador comprometido, utilizando serviços criados ou modificados para este fim, dá-se o nome de backdoor.
1.1. Como é feita a inclusão de um backdoor em um computador?

A forma usual de inclusão de um backdoor consiste na disponibilização de um novo serviço ou substituição de um determinado serviço por uma versão alterada, normalmente possuindo recursos que permitam acesso remoto (através da Internet). Pode ser incluído por um invasor ou através de um cavalo de tróia.

Uma outra forma é a instalação de pacotes de software, tais como o BackOrifice e NetBus, da plataforma Windows, utilizados para administração remota. Se mal configurados ou utilizados sem o consentimento do usuário, podem ser classificados como backdoors.
1.2. A existência de um backdoor depende necessariamente de uma invasão?

Não. Alguns dos casos onde a existência de um backdoor não está associada a uma invasão são:

* instalação através de um cavalo de tróia.
* inclusão como conseqüência da instalação e má configuração de um programa de administração remota;

Alguns fabricantes incluem/incluíam backdoors em seus produtos (softwares, sistemas operacionais), alegando necessidades administrativas. É importante ressaltar que estes casos constituem uma séria ameaça à segurança de um computador que contenha um destes produtos instalados, mesmo que backdoors sejam incluídos por fabricantes conhecidos.

1.3. Backdoors são restritos a um sistema operacional específico?

Não. Backdoors podem ser incluídos em computadores executando diversos sistemas operacionais, tais como Windows (por exemplo, 95/98, NT, 2000, XP), Unix (por exemplo, Linux, Solaris, FreeBSD, OpenBSD, AIX), Mac OS, entre outros.

1.4. Existe alguma maneira de proteger um computador de backdoors?

Embora os programas antivírus não sejam capazes de descobrir backdoors em um computador, as medidas preventivas contra a infecção por vírus são válidas para se evitar algumas formas de instalação de backdoors.

A idéia é que você não execute programas de procedência duvidosa ou desconhecida, sejam eles recebidos por e-mail, sejam obtidos na Internet. A execução de tais programas pode resultar na instalação de um backdoor.

Caso você utilize algum programa de administração remota, certifique-se de que ele esteja bem configurado, de modo a evitar que seja utilizado como um backdoor.

Uma outra medida preventiva consiste na utilização de um firewall pessoal. Apesar de não eliminarem os backdoors, se bem configurados, podem ser úteis para amenizar o problema, pois podem barrar as conexões entre os invasores e os backdoors instalados em um computador.

Também é importante visitar constantemente os sites dos fabricantes de softwares e verificar a existência de novas versões ou patches para o sistema operacional ou softwares instalados em seu computador.

Existem casos onde a disponibilização de uma nova versão ou de um patch está associada à descoberta de uma vulnerabilidade em um software, que permite a um atacante ter acesso remoto a um computador, de maneira similar ao acesso aos backdoors.

Backdoor is a secret or unauthorized channel for accessing computer system. In an attack scenario, hackers install backdoors on a machine, once compromised, to access it in an easier manner at later times

With the growing use of e-commerce, web applications have become target of choice for attackers. With a backdoor, such attacker can virtually have full and undetected access to your application for long time. It is critical to understand the ways backdoor can be installed and to take required preventive steps.
Essentially there can be three vulnerabilities that can introduce the backdoor in an application:

A backdoor in a computer system (or cryptosystem or algorithm) is a method of bypassing normal authentication, securing remote access to a computer, obtaining covert access to plaintext, and so on, while attempting to remain undetected. The backdoor may take the form of an installed program (e.g., Back Orifice), or could be a modification to an existing program or hardware device.
Contents
·1 Overview
·2 Reflections on Trusting Trust
·3 Backdoors in the media
·4 References
·5 External links

Overview
The threat of backdoors surfaced when multiuser and networked operating systems became widely adopted. Petersen and Turn discussed computer subversion in a paper published in the proceedings of the 1967 AFIPS Conference.[1] They noted a class of active infiltration attacks that use "trapdoor" entry points into the system to bypass security facilities and permit direct access to data. The use of the word trapdoor here clearly coincides with more recent definitions of a backdoor. However, since the advent of public key cryptography the term trapdoor has acquired a different meaning. More generally, such security breaches were discussed at length in a RAND Corporation task force report published under ARPA sponsorship by J.P. Anderson and D.J. Edwards in 1970.[2]
A backdoor in a login system might take the form of a hard coded user and password combination which gives access to the system. A famous example of this sort of backdoor was as a plot device in the 1983 film WarGames, in which the architect of the "WOPR" computer system had inserted a hardcoded password (his dead son's name) which gave the user access to the system, and to undocumented parts of the system (in particular, a video game–like simulation mode).
An attempt to plant a backdoor in the Linux kernel, exposed in November 2003, showed how subtle such a code change can be.[3] In this case a two-line change appeared to be a typographical error, but actually gave the caller to the sys_wait4 function root access to the system.[4]
Although the number of backdoors in systems using proprietary software (that is, software whose source code is not readily available for inspection) is not widely credited, they are nevertheless periodically (and frequently) exposed. Programmers have even succeeded in secretly installing large amounts of benign code as Easter eggs in programs, although such cases may involve official forbearance, if not actual permission.
It is also possible to create a backdoor without modifying the source code of a program, or even modifying it after compilation. This can be done by rewriting the compiler so that it recognizes code during compilation that triggers inclusion of a backdoor in the compiled output. When the compromised compiler finds such code, it compiles it as normal, but also inserts a backdoor (perhaps a password recognition routine). So, when the user provides that input, he gains access to some (likely undocumented) aspect of program operation. This attack was first outlined by Ken Thompson in his famous paper Reflections on Trusting Trust (see below).
Many computer worms, such as Sobig and Mydoom, install a backdoor on the affected computer (generally a PC on broadband running insecure versions of Microsoft Windows and Microsoft Outlook). Such backdoors appear to be installed so that spammers can send junk e-mail from the infected machines. Others, such as the Sony/BMG rootkit distributed silently on millions of music CDs through late 2005, are intended as DRM measures — and, in that case, as data gathering agents, since both surreptitious programs they installed routinely contacted central servers.
A traditional backdoor is a symmetric backdoor: anyone that finds the backdoor can in turn use it. The notion of an asymmetric backdoor was introduced by Adam Young and Moti Yung in the Proceedings of Advances in Cryptology: Crypto '96. An asymmetric backdoor can only be used by the attacker who plants it, even if the full implementation of the backdoor becomes public (e.g., via publishing, being discovered and disclosed by reverse engineering, etc.). Also, it is computationally intractable to detect the presence of an asymmetric backdoor under black-box queries. This class of attacks have been termed kleptography; they can be carried out in software, hardware (for example, smartcards), or a combination of the two. The theory of asymmetric backdoors is part of a larger field now called cryptovirology.
There exists an experimental asymmetric backdoor in RSA key generation. This OpenSSL RSA backdoor was designed by Young and Yung, utilizes a twisted pair of elliptic curves, and has been made available.

Reflections on Trusting Trust
Ken Thompson's Reflections on Trusting Trust[5] was the first major paper to describe black box backdoor issues, and points out that trust is relative. It described a very clever backdoor mechanism based upon the fact that people only review source (human-written) code, and not compiled machine code. A program called a compiler is used to create the second from the first, and the compiler is usually trusted to do an honest job.
Thompson's paper described a modified version of the Unix C compiler that would:
·Put an invisible backdoor in the Unix login command when compiled, and as a twist
·Also add this feature undetectably to future compiler versions upon their compilation as well.
Because the compiler itself was a compiled program, users would be extremely unlikely to notice the machine code instructions that performed these tasks. (Because of the second task, the compiler's source code would appear "clean".) What's worse, in Thompson's proof of concept implementation, the subverted compiler also subverted the analysis program (the disassembler), so that anyone who examined the binaries in the usual way would not actually see the real code that was running, but something else instead. This version was never released into the wild. It was released to a sibling Bell Labs organization as a test case; they never found the attack.
In theory, once a system has been compromised with a back door or Trojan horse, such as the Trusting Trust compiler, there is no way for the "rightful" user to regain control of the system. However, several practical weaknesses in the Trusting Trust scheme have been suggested. (For example, a sufficiently motivated user could painstakingly review the machine code of the untrusted compiler before using it. As mentioned above, there are ways to counter this attack, such as subverting the disassembler; but there are ways to counter that defense, too, such as removing the hard disk and physically examining the program's binary disk image — security is always a metaphorical arms race.)

Backdoors in the media
·The popular movie WarGames is about a teenage hacker who discovers a backdoor inserted in the Department of Defense's computer system by the system's designer
·The Keymaker in the Matrix Trilogy was a program used to create keys to the various backdoors of the Matrix.
·Part of the plot of the Dan Brown novel Digital Fortress involves an attempt by the NSA to place a backdoor in an apparently unbreakable piece of encryption software; this theme may have been inspired by the real-life Clipper chip.
·In the Battlestar Galactica miniseries, a Cylon agent states that she programmed backdoors into widely implemented military software to shut down human defenses and allow nuclear bombardment.

References
1.^ H.E. Petersen, R. Turn. "System Implications of Information Privacy". Proceedings of the AFIPS Spring Joint Computer Conference, vol. 30, pages 291–300. AFIPS Press: 1967.
2.^ Security Controls for Computer Systems, Technical Report R-609, WH Ware, ed, Feb 1970, RAND Corp.
3.^ Linux-Kernel Archive: Re: BK2CVS problem
4.^ Thwarted Linux backdoor hints at smarter hacks; Kevin Poulsen; SecurityFocus, 6 November 2003.
5.^ Reflections on Trusting Trust

fontes:
[1]http://cartilha.cert.br/malware/sec4.html
[2]http://en.wikipedia.org/wiki/Backdoor_(computing)