Backdoor: Difference between revisions
m changed category to self |
SinexTitan (talk | contribs) link to Wikipedia |
||
| (11 intermediate revisions by 4 users not shown) | |||
| Line 1: | Line 1: | ||
A backdoor is a method of covertly bypassing authentication, often in a digital system. A backdoor can be placed intentionally by a party to secretly access the system, or can be the result of a bug or exploit. | A {{Wplink|backdoor_(computing)|backdoor}} is a method of covertly bypassing authentication, often in a digital system. A backdoor can be placed intentionally by a party to secretly access the system, or can be the result of a bug or exploit. | ||
==How it works== | ==How it works== | ||
| Line 8: | Line 8: | ||
A backdoor malware is a software that, when executed installs a backdoor into the system that executed it.<ref name=":0" /> This is often referred to as a ''Trojan''. These often use an unpatched exploit to gain access to the system. | A backdoor malware is a software that, when executed installs a backdoor into the system that executed it.<ref name=":0" /> This is often referred to as a ''Trojan''. These often use an unpatched exploit to gain access to the system. | ||
''' | '''Proprietary backdoors''' | ||
A propriatary backdoor is a built-in backdoor; A backdoor that was intentionally placed there.<ref name=":0" /> These backdoors can be used for good or bad purposes. Some may exist for testing purposes. However, if left in the final product, may be susceptible to exploitation. Other built-in backdoors are used by the company for nefarious purposes. | A propriatary backdoor is a built-in backdoor; A backdoor that was intentionally placed there.<ref name=":0" /> These backdoors can be used for good or bad purposes. Some may exist for testing purposes. However, if left in the final product, may be susceptible to exploitation. Other built-in backdoors are used by the company for nefarious purposes. | ||
==Why it is a problem== | ==Why it is a problem== | ||
Backdoors can be used to inject [[spyware]] in order to collect information on users.<ref name=":0">{{Cite web |last=Malwarebytes |title=Backdoor computing attakcs |url=https://www.malwarebytes.com/backdoor}}</ref> | Backdoors can be used to inject [[spyware]] in order to collect information on users. | ||
<ref name=":0">{{Cite web |last=Malwarebytes |title=Backdoor computing attakcs |url=https://www.malwarebytes.com/backdoor |url-status=live |archive-url=http://web.archive.org/web/20251229225937/https://www.malwarebytes.com/backdoor |archive-date=29 Dec 2025}}</ref> Backdoors are dangerous as they can be both officially implanted by project maintainers for various reasons or implanted by unofficial code contributors or distributors. | |||
==Examples== | ==Examples== | ||
===Apple Backdoor UK Lawsuit=== | |||
===SecuRam Backdoor=== | |||
{{Main|SecuRam installs backdoor on ProLogic series safe locks}} | |||
===Signal’s Refusal to Implement Australian Government Backdoor=== | |||
[[wikipedia:Signal_(software)|Signal]], an encrypted messenger, has threatened to leave Australia to due the Australian Government’s mandate to have access over the contents of Signal’s messages.<ref> https://ia.acs.org.au/article/2025/signal-threatens-to-leave-australia-over-govt-s-backdoor-push.html</ref><ref> https://www.vice.com/en/article/signal-app-australia-encryption-backdoor-bill/</ref> While this is not an example of a backdoor, this is an example of how governments can demand that platforms implement malicious backdoors. | |||
===XZ Utils Backdoor=== | |||
The [[wikipedia:XZ_Utils_backdoor|XZ Utils backdoor]] was a code contribution to the XZ Utilities Linux system package that allowed remote code execution through a specific SSH key.<ref> https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27</ref> This backdoor was significant as it went against the previously commonly held belief of open source software security through independent code auditing. The code contributor first had built trust with the maintainers by submitting legitimate code initially before implementing the backdoor in a subtle way through multiple layers to avoid suspicion. However this backdoor was discovered by Andres Freund.<ref> https://lwn.net/Articles/967180/</ref> | |||
==References== | ==References== | ||
{{reflist}} | {{reflist}} | ||
[[Category: | [[Category:Common terms]] | ||
Latest revision as of 18:17, 26 February 2026
A backdoor is a method of covertly bypassing authentication, often in a digital system. A backdoor can be placed intentionally by a party to secretly access the system, or can be the result of a bug or exploit.
How it works
[edit | edit source]There are many types of backdoor.
Backdoor malware
A backdoor malware is a software that, when executed installs a backdoor into the system that executed it.[1] This is often referred to as a Trojan. These often use an unpatched exploit to gain access to the system.
Proprietary backdoors
A propriatary backdoor is a built-in backdoor; A backdoor that was intentionally placed there.[1] These backdoors can be used for good or bad purposes. Some may exist for testing purposes. However, if left in the final product, may be susceptible to exploitation. Other built-in backdoors are used by the company for nefarious purposes.
Why it is a problem
[edit | edit source]Backdoors can be used to inject spyware in order to collect information on users. [1] Backdoors are dangerous as they can be both officially implanted by project maintainers for various reasons or implanted by unofficial code contributors or distributors.
Examples
[edit | edit source]Apple Backdoor UK Lawsuit
[edit | edit source]SecuRam Backdoor
[edit | edit source]- Main article: SecuRam installs backdoor on ProLogic series safe locks
Signal’s Refusal to Implement Australian Government Backdoor
[edit | edit source]Signal, an encrypted messenger, has threatened to leave Australia to due the Australian Government’s mandate to have access over the contents of Signal’s messages.[2][3] While this is not an example of a backdoor, this is an example of how governments can demand that platforms implement malicious backdoors.
XZ Utils Backdoor
[edit | edit source]The XZ Utils backdoor was a code contribution to the XZ Utilities Linux system package that allowed remote code execution through a specific SSH key.[4] This backdoor was significant as it went against the previously commonly held belief of open source software security through independent code auditing. The code contributor first had built trust with the maintainers by submitting legitimate code initially before implementing the backdoor in a subtle way through multiple layers to avoid suspicion. However this backdoor was discovered by Andres Freund.[5]
References
[edit | edit source]- ↑ 1.0 1.1 1.2 Malwarebytes. "Backdoor computing attakcs". Archived from the original on 29 Dec 2025.
- ↑ https://ia.acs.org.au/article/2025/signal-threatens-to-leave-australia-over-govt-s-backdoor-push.html
- ↑ https://www.vice.com/en/article/signal-app-australia-encryption-backdoor-bill/
- ↑ https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27
- ↑ https://lwn.net/Articles/967180/