
Open SESAME… is there a back door to everything proprietary?

Back doors are fairly common in buildings and architecture. They provide another means of access and an alternative exit point in an emergency. In computing, backdoors are a means by which an individual can gain access to a system without passing through the normal login process. Backdoors in software and hardware are fairly common, as attested by the famous 12 historically insidious backdoors. A backdoor can be introduced through a coding error or put there purposely by the developer. It is the latter type, the backdoor introduced on purpose, that should concern us, for it carries considerable privacy and security risks.

Marked in yellow: backdoor admin password hidden in the code

Backdoors that are introduced on purpose are not so common in open source systems because their source code is published and anyone can inspect or verify it. For closed source or proprietary systems, the situation is more complicated. Since the source code is not published, one of the few ways for a third party to verify the code is binary reverse engineering. But the Free Software Foundation, developers of the GNU project, claims that most proprietary software contains backdoors. They give a long list of demonstrated back doors in proprietary software, which range from spying and altering user data to installing or deleting programs. While some of these claims seem rather far-fetched, I think they are worth taking the time to investigate and to arrive at your own conclusions.

Finally, how do we mitigate backdoors? A promising solution seems to be the use of reproducible builds. “A build is reproducible if given the same source code, build environment and build instructions, any party can recreate bit-by-bit identical copies of all specified artifacts.” You can read more about Reproducible Builds here.
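A minimal way to run that bit-by-bit check, as an added example (not code from the original post or from the Reproducible Builds project): it hashes every file in a published artifact tree and in an independently rebuilt one, then reports files that differ or exist on only one side. The directory names and file contents in `demo()` are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def digest_tree(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            h = hashlib.sha256()
            with path.open("rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[path.relative_to(root).as_posix()] = h.hexdigest()
    return digests


def compare_builds(published: Path, rebuilt: Path) -> dict[str, list[str]]:
    """Report artifacts that differ, or that exist on only one side."""
    a, b = digest_tree(published), digest_tree(rebuilt)
    return {
        "mismatch": sorted(n for n in a.keys() & b.keys() if a[n] != b[n]),
        "only_published": sorted(a.keys() - b.keys()),
        "only_rebuilt": sorted(b.keys() - a.keys()),
    }


def is_reproducible(report: dict[str, list[str]]) -> bool:
    """A build verifies only if every artifact matches and none is extra."""
    return not any(report.values())


def demo() -> dict[str, list[str]]:
    """Constructed sample: the published tree has one altered and one extra file."""
    with tempfile.TemporaryDirectory() as tmp:
        pub, mine = Path(tmp, "published"), Path(tmp, "rebuilt")
        for d in (pub, mine):
            (d / "bin").mkdir(parents=True)
            (d / "bin" / "tool").write_bytes(b"constructed sample binary")
            (d / "README").write_bytes(b"docs\n")
        # A single appended byte is enough to fail a bit-by-bit comparison.
        (pub / "bin" / "tool").write_bytes(b"constructed sample binary\x00")
        # A file the source does not produce shows up as published-only.
        (pub / "extra.so").write_bytes(b"constructed extra artifact")
        return compare_builds(pub, mine)


if __name__ == "__main__":
    report = demo()
    print(report, "reproducible:", is_reproducible(report))
```

A mismatch does not by itself prove a backdoor (timestamps or build paths embedded in the output cause the same result), but it marks exactly which artifact needs inspection.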
