Juniper Releases Second Patch To Fix Flaws

Juniper has been in the news a lot recently, after discovering that their firewalls exposed virtual private networks ‘secure’ data. It was then revealed that this went one step further, with groups like the NSA and GCHQ working together to hack Junipers firewalls. If this wasn’t bad enough, Juniper fell silent on the matter before it was revealed that the software that was vulnerable was still located within their software.  This is set to change though with Juniper releasing a second patch, designed to remove the software responsible for their “insecure” software.

In a post titled “Advancing the Security of Juniper Products“, the use of Dual_EC and ANSI X9.31 will be replaced with a different number generator, one that is used in other products. Dual_EC is the software that is considered flawed and therefore, the greatest security risk, even though it was only added to the software a year after the issues were publically revealed.

This action comes as part of a “detailed investigation” of their software’s code, resulting in patches and the removal of “unauthorized code”. While these actions are well welcomed the questions remain as to why this all started. Where did the “unauthorized code” come from and if Stephen Checkoway, a computer science lecturer from the University  of Illinois in Chicago, is correct, the addition of Dual_EC actually reduced the security on Juniper’s software, making it easier to access it through a backdoor.

Juniper Still Hasn’t Removed Backdoor Vulnerability from Its Software

Last month, Juniper Networks – a company that supplies security software to the likes of AT&T, Verizon, NATO, and the US Government – reported that it had found what it described as “unauthorised code” – effectively a backdoor – in its NetScreen firewall software, through which it was possible for a third-party to decrypt data sent through it using an encrypted VPN (Virtual Private Network), and that had existed since at least 2012.

Now, Wired reports that Juniper has fallen silent on the matter, refusing to discuss an insecure encryption algorithm within the software that essentially allowed the backdoor to be inserted. Juniper refuses to explain why Dual_EC, a pseudo-random number generator, was included in NetScreen, or why it still exists within the software even after the backdoor revelation.

Stephen Checkoway, a Computer Science lecturer from the University of Chicago, discovered that Juniper knowingly added the insecure Dual_EC to its software, despite having a more secure ANSI algorithm in place. Dual_EC was added to NetScreen version 6.2.0 in either 2008 or 2009, while the vulnerabilities in Dual_EC were revealed in 2007.

Even more explicably, Juniper then changed the nonce (random number string) size within the algorithm, from 20 bytes to 32 bytes. 32 bytes was the optimal size for exploitation by hackers, according to the data revealed in 2007.

“The more output you see [from the generator], the better [it is to crack the encryption],” Checkoway said. “Anything you see over 30 bytes is very helpful. Anything you see less than 30 bytes makes the attack exponentially harder. So seeing 20 bytes makes the attack basically infeasible. Seeing 28 bytes makes it doable, but it takes an amount of time, maybe hours. Seeing 32 bytes makes it take fractions of a second.”

While it was Juniper that revealed the existence of this backdoor, it seems that it facilitated its creation, and has done nothing to fix it since.

Juniper Networks Finds ‘Unauthorised’ Code in Its Software

Cyber security and the integrity of applications are essential for consumers to have confidence their details will be kept safe and not intercepted by a third-party. Well known internet hardware company Juniper networks have issued a warning concerning a discovery it has made within its firewall software, which could have led to a third-party being able to decrypt data which has been sent through an encrypted VPN (Virtual Private Network)

During a recent internal code review, it was discovered that “unauthorised code” had somehow made its way into Juniper’s ScreenOS software, it’s interesting to note that many ISPs (Internet Service Providers) and also large firms implement the companies routers and network switches. The vulnerability could have allowed a third-party, or as the company refers to the threat as a “Knowledgeable attacker”, could be 12-year-old for all we know, to gain administrative access to NetScreen devices and to decrypt VPN connections.

The unwanted slice of extra code has been present within different versions of ScreenOS since 2012. Juniper has confirmed that it is not aware or received any reports of the vulnerabilities being exploited and urges everyone running the affected devices to quickly apply the released patches with the aim of stripping the unauthorised code out of its firewall software ASAP.

It’s a serious breach and questions will surely be asked concerning how the code managed to make its way into the software.

Image courtesy of smarteranalyst