Juniper warns of spying code in firewalls

The NSA has targeted Juniper firewalls in the past

Juniper, a major manufacturer of networking equipment, said on Thursday it found spying code planted in certain models of its firewalls, an alarming discovery that echoes of state-sponsored tampering.

The affected products are those running ScreenOS, one of Juniper's operating systems that runs on a range of appliances that act as firewalls and enable VPNs. ScreenOS versions 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are vulnerable, according to an advisory.

The unauthorized code was found during a recent internal review, wrote Bob Worrall, Juniper's chief information officer. He did not indicate where Juniper thinks the code originated.

Juniper has released critical patches to fix the problems.

"At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority," Worrell wrote.

The internal review uncovered two problems. One could allow remote administrative access to a ScreenOS device over telnet or SSH.

Although log files would reflect a login attempt, "a skilled attacker would likely remove these entries from the log file, thus effectively eliminating any reliable signature that the device had been compromised," Juniper wrote.

The second vulnerability can allow an attacker who can monitor VPN traffic to decrypt it. VPNs are encrypted connections between a user and another computer and are often used by companies to allow secure remote access to their systems for employees who are traveling.

Disturbingly, Juniper wrote that "there is no way to detect that this vulnerability was exploited."

The earliest affected version of ScreenOS, 6.2.0r15, appears to have been released in September 2012, according to documentation.

That suggests attackers may have had access to corporate firewalls and VPN connections for a long time if Juniper was compromised at that time. Firewalls are rich targets for cyberattackers since the devices monitor all data traffic flowing in and out of an organization.

The compromise of such a prominent vendor with code specifically designed for spying echoes operations by the NSA described in documents leaked in 2013 by former contractor Edward Snowden.

A December 2013 story in the German publication Der Spiegel described a 50-page catalog of hardware and software tools used by the NSA to infiltrate the equipment, including one targeted at Juniper's NetScreen appliances.

The document describes a technique nicknamed FEEDTROUGH, which is used to keep two kinds of software implants on a Juniper NetScreen firewall.  The technique is aimed at keeping the software implants on the device even if it reboots or is upgraded.

The NSA also targeted other major networking manufacturers, including Cisco and Huawei, Der Spiegel reported. 

 

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Essentials

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?