Backdoor: Difference between revisions

(One intermediate revision by one other user not shown)

Line 1:

A backdoor is a method of covertly bypassing authentication, often in a digital system. A backdoor can be placed intentionally by a party to secretly access the system, or can be the result of a bug or exploit.

A {{Wplink|backdoor_(computing)|backdoor}} is a method of covertly bypassing authentication, often in a digital system. A backdoor can be placed intentionally by a party to secretly access the system, or can be the result of a bug or exploit.

==How it works==

Line 21:

===Signal’s Refusal to Implement Australian Government Backdoor===

[[wikipedia:Signal_(software)|Signal]], an encrypted messenger, has threatened to leave Australia to due the Australian Government’s mandate to have access over the contents of Signal’s messages.<ref> https://ia.acs.org.au/article/2025/signal-threatens-to-leave-australia-over-govt-s-backdoor-push.html</ref><ref> https://www.vice.com/en/article/signal-app-australia-encryption-backdoor-bill/</ref>

[[wikipedia:Signal_(software)|Signal]], an encrypted messenger, has threatened to leave Australia to due the Australian Government’s mandate to have access over the contents of Signal’s messages.<ref> https://ia.acs.org.au/article/2025/signal-threatens-to-leave-australia-over-govt-s-backdoor-push.html</ref><ref> https://www.vice.com/en/article/signal-app-australia-encryption-backdoor-bill/</ref> While this is not an example of a backdoor, this is an example of how governments can demand that platforms implement malicious backdoors.

===XZ Utils Backdoor===

The [[wikipedia:XZ_Utils_backdoor|XZ Utils backdoor]] was a code contribution to the XZ Utilities Linux system package that allowed remote code execution through a specific SSH key.<ref> https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27</ref> This backdoor was significant as it went against the previously commonly held belief of open source software security through independent code auditing. The code contributor first had built trust with the maintainers by submitting legitimate code initially before implementing the backdoor in a subtle way through multiple layers to avoid suspicion. However this backdoor was discovered by Andres Freund.<ref> https://lwn.net/Articles/967180/</ref>

@@ Line 1: / Line 1: @@
-A backdoor is a method of covertly bypassing authentication, often in a digital system. A backdoor can be placed intentionally by a party to secretly access the system, or can be the result of a bug or exploit.
+A {{Wplink|backdoor_(computing)|backdoor}} is a method of covertly bypassing authentication, often in a digital system. A backdoor can be placed intentionally by a party to secretly access the system, or can be the result of a bug or exploit.
 ==How it works==
@@ Line 21: / Line 21: @@
 {{Main|SecuRam installs backdoor on ProLogic series safe locks}}
 ===Signal’s Refusal to Implement Australian Government Backdoor===
-[[wikipedia:Signal_(software)|Signal]], an encrypted messenger, has threatened to leave Australia to due the Australian Government’s mandate to have access over the contents of Signal’s messages.<ref> https://ia.acs.org.au/article/2025/signal-threatens-to-leave-australia-over-govt-s-backdoor-push.html</ref><ref> https://www.vice.com/en/article/signal-app-australia-encryption-backdoor-bill/</ref>
+[[wikipedia:Signal_(software)|Signal]], an encrypted messenger, has threatened to leave Australia to due the Australian Government’s mandate to have access over the contents of Signal’s messages.<ref> https://ia.acs.org.au/article/2025/signal-threatens-to-leave-australia-over-govt-s-backdoor-push.html</ref><ref> https://www.vice.com/en/article/signal-app-australia-encryption-backdoor-bill/</ref> While this is not an example of a backdoor, this is an example of how governments can demand that platforms implement malicious backdoors.
 ===XZ Utils Backdoor===
 The [[wikipedia:XZ_Utils_backdoor|XZ Utils backdoor]] was a code contribution to the XZ Utilities Linux system package that allowed remote code execution through a specific SSH key.<ref> https://gist.github.com/thesamesam/223949d5a074ebc3dce9ee78baad9e27</ref> This backdoor was significant as it went against the previously commonly held belief of open source software security through independent code auditing. The code contributor first had built trust with the maintainers by submitting legitimate code initially before implementing the backdoor in a subtle way through multiple layers to avoid suspicion. However this backdoor was discovered by Andres Freund.<ref> https://lwn.net/Articles/967180/</ref>