Juniper will drop a function allegedly developed by the NSA for surveillance

Juniper Networks announced on Friday that it would stop using security code that experts believe was developed by the NSA for surveillance purposes.

Juniper Networks announced last week that it would stop using a portion of code that security experts believe was developed by the National Security Agency for surveillance purposes.

The code, which relies on numbers generated by the Dual Elliptic Curve (Dual_EC) random number generator, could be exploited by US intelligence to eavesdrop on secure connections and access sensitive data.

“We will replace Dual_EC and ANSI X9.31 in ScreenOS 6.3 with the same random number generation technology currently employed across our broad portfolio of Junos OS products. We intend to make these changes in a subsequent ScreenOS software release, which will be made available in the first half of 2016,” reads the announcement published by Juniper Networks.

Developers at Juniper Networks have designed a new version of the security software that will replace the suspicious code, namely the portions that rely on numbers generated by the Dual Elliptic Curve generator.

The announcement from Juniper Networks comes after a group of cryptographers who analyzed the code presented the results of their research at a Stanford University conference. The cryptographers found that the code in the Juniper appliances had been changed in multiple ways during 2008 in a manner that allowed intelligence agencies to eavesdrop on virtual private network sessions.

The researchers discovered that NetScreen used predictable outputs from Dual_EC_DRBG in a way that bypassed ANSI X9.31. They also pointed out a separate code change, made in 2008, that created the conditions needed to exploit the Dual_EC_DRBG weaknesses.
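The trapdoor behind that predictability, as an added toy illustration that is not from the article, the researchers or Juniper's code: a Dual_EC-style generator over a tiny constructed curve whose two points are related by a secret scalar (P = d*Q) lets whoever holds d recover the generator's next state from a single observed output. All curve parameters, points, the scalar d and the seed are assumed values chosen for this demonstration, and the toy emits the whole x-coordinate rather than a truncated one.

```python
# Toy Dual_EC-style generator with constructed parameters (not the NIST or Juniper
# constants): a DRBG whose points satisfy P = d*Q is predictable to whoever knows d.
p, a, b = 1019, 1, 4      # curve y^2 = x^3 + a*x + b over F_p, with p = 3 (mod 4)
Q = (0, 2)                # base point on the curve (2^2 = 4 = b)
SECRET_D = 271            # trapdoor scalar known only to whoever chose P
INF = None                # point at infinity

def ec_add(P1, P2):
    if P1 is INF or P2 is INF:          # identity element
        return P2 if P1 is INF else P1
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % p == 0:
        return INF                      # R + (-R)
    if P1 == P2:                        # doubling slope vs. chord slope
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def scalar_mul(k, pt):                  # double-and-add k*pt
    acc = INF
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def ecx(pt):                            # x-coordinate, refusing the point at infinity
    if pt is INF: raise ValueError("point at infinity (toy curve is tiny)")
    return pt[0]
P = scalar_mul(SECRET_D, Q)             # the published point P = d*Q; d stays secret

def dual_ec_step(state):
    # One round: r = x(s*P); next state = x(r*P); output = x(r*Q).
    # This toy emits the whole x-coordinate (real Dual_EC truncates 16 bits).
    r = ecx(scalar_mul(state, P))
    return ecx(scalar_mul(r, P)), ecx(scalar_mul(r, Q))

def lift_x(x):                          # point from x alone; p = 3 (mod 4) gives a direct sqrt
    v = (x * x * x + a * x + b) % p
    y = pow(v, (p + 1) // 4, p)
    if y * y % p != v: raise ValueError("x is not on the curve")
    return (x, y)

def recover_next_state(output, d):      # holder of d: x(d*r*Q) = x(r*P) = next state
    return ecx(scalar_mul(d, lift_x(output)))

def demo(seed=12345):
    s1, out1 = dual_ec_step(seed)                 # eavesdropper observes only out1
    guess = recover_next_state(out1, SECRET_D)    # ... and predicts the hidden state
    return guess == s1, dual_ec_step(guess)[1] == dual_ec_step(s1)[1]
```

Without d the observer faces a discrete-logarithm problem; with it, every later output of the generator follows from one exposed value, which is why replacing the generator rather than patching around it is the only real fix.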

A first modification to the code was introduced in 2012 and changed a constant in Juniper's NetScreen OS, allowing nation-state hackers to spy on customers.

A second change, made in 2014, allowed anyone who knew a hard-coded password to eavesdrop on customers’ communications.

“Juniper’s initial patch had gotten rid of that constant in Dual Elliptic Curve and replaced it with the version it had been using since 2008,” Reuters reported. “But the academics who studied the code said that while Juniper had not disavowed the 2008 code, it had not explained how that constant was picked or why it was using the widely faulted Dual Elliptic Curve at all.”

The cryptographers raised questions about the Dual Elliptic Curve code, which they believe was manipulated by a persistent attacker, likely the NSA, who managed to insert the unauthorized code with the involvement, knowing or not, of Juniper employees.

In December, Juniper announced that it had found an unauthorized piece of code in the operating system of its NetScreen firewalls, code that could allow an attacker to decrypt VPN traffic.

The “unauthorized code”, Juniper said, “could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.”

According to The Register, the presence of the unauthorized code could date back to 2008; the experts referred to a 2008 notice issued by Juniper about a security issue that impacts ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20. ScreenOS 6.2 was released, and ScreenOS 6.3 was presented in 2009.

“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” Juniper Chief Information Officer Bob Worrall wrote in the advisory. “Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.”

The experts explained that the Juniper products have several releases with numerous versions, and the unauthorized code was found only in some of them.

A separate advisory issued by the company confirmed the presence of two distinct vulnerabilities in its products. The first allows unauthorized remote administrative access to an affected device over SSH or telnet. “The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic,” the advisory said. “It is independent of the first issue. There is no way to detect that this vulnerability was exploited.”

Reuters reported the opinion of researcher Hovav Shacham of the University of California, who said that the “2014 back door was straightforward” and quite easy to exploit.

Pierluigi Paganini

(Security Affairs – NSA, Juniper Networks)
