From the course: SSCP Cert Prep: 7 Systems and Application Security

Understanding backdoors and logic bombs

- [Instructor] We've already talked about quite a few types of malware: viruses, worms, Trojan horses, adware, spyware, and ransomware. All have one thing in common. They are independent programs written by malware developers to deliver a malicious payload. Some malware, however, doesn't fit this pattern. Instead of being independent programs, they are pieces of code inserted into other applications with malicious intent. Let's talk about two types of malware that fit in this category: backdoors and logic bombs.

A backdoor occurs when a programmer provides a means to grant themselves or others future access to a system. They usually do this with benevolent purposes. They might simply be trying to make programming easier so that they don't have to keep logging in with user credentials, or they might be providing a mechanism to allow access later if a customer locks themselves out of their own system. But these backdoors can have unintended side effects. The customer might not want the vendor to have access to the system once it's installed, and backdoors might fall into the wrong hands, especially if they're published in the user manual. Backdoors occur through several different mechanisms. Sometimes they're hardcoded accounts, where there's a specific username and password that will always grant access to a system. In other cases, there are default passwords that users might not remember or know to change. And then finally, there might be unknown access channels, where there's a way to gain access to a system without going through the normal authentication process. Probably the most famous example of a backdoor occurred in the movie WarGames in 1983, when Matthew Broderick gained access to a military computer system by learning the name of the system creator's son, Joshua, and then using that to gain full administrative access to the system. In 2014, security experts found a backdoor in Samsung Galaxy devices that allowed remote access to data. Then in 2015, reports hit the media about default passwords in credit card readers that allowed access to thousands of systems. And just recently, I was scrolling through the manual for my sprinkler system and discovered that right there in the manual was a default username and password that many people probably haven't bothered to change.

The second type of malware that works by modifying existing code is the logic bomb. A logic bomb is malware that's set to execute a payload when certain conditions are met. This might be a specific date and time occurring, the modification of the contents of a file to contain specific trigger information, or the results of an API call. If you think about the scenarios where a logic bomb might occur, the classic scenario is a programmer who's creating a payroll system and then includes logic in that payroll system that checks every day to see if the programmer is still active on the payroll. If the programmer suddenly disappears from the payroll, the assumption is they were terminated, and malicious action might trigger automatically as retaliation for the programmer being fired. In a real-world example of a logic bomb, in 2003, a logic bomb struck many government computer systems in South Korea. And logic bombs date back to the early days of computing, when in 1989, the Friday the 13th logic bomb sat dormant on systems until the calendar read that it was both the 13th day of the month and a Friday before it delivered its payload.

Backdoors and logic bombs both represent significant risks to application security. As a security professional, you must remain vigilant to protect your organization against these threats. In addition to standard anti-malware controls, you should routinely change default passwords, disable unused accounts, and monitor security bulletins for news of logic bombs and backdoors in software that your organization uses.
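As an added example (not part of the course), here is a small code-review aid that flags the two mechanisms the lesson describes: hardcoded account or credential checks, and calendar-based trigger conditions of the Friday-the-13th kind. The patterns and the sample source it scans are constructed for illustration; every hit is a review prompt for a human, not proof of a backdoor or logic bomb.

```python
import re
from typing import List, Tuple

# Heuristic regexes for the mechanisms discussed in the lesson (constructed,
# not an exhaustive or authoritative rule set). Case-insensitive throughout.
PATTERNS = {
    # password/secret/token compared to or assigned from a string literal
    "hardcoded_credential": re.compile(
        r"""\b(pw|pass(word|wd)?|secret|api_?key|token)\b\s*(==|=)\s*["'][^"']+["']""",
        re.IGNORECASE),
    # username/login compared to a string literal: a hardcoded account
    "hardcoded_account_check": re.compile(
        r"""\b(user(name)?|login)\b\s*==\s*["'][^"']+["']""", re.IGNORECASE),
    # equality test on a calendar field, e.g. .day == 13 or .weekday() == 4
    "calendar_trigger": re.compile(
        r"""\.(day|month|year|weekday\(\))\s*==\s*\d+""", re.IGNORECASE),
    # a literal absolute date being constructed, a common time-based trigger
    "absolute_date_trigger": re.compile(
        r"""\b(datetime|date)\s*\(\s*\d{4}\s*,\s*\d{1,2}\s*,\s*\d{1,2}""",
        re.IGNORECASE),
}


def scan_source(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, finding_type, stripped_line) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith("#"):
            continue  # whole-line comments are not executable code
        for name, pattern in PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, name, stripped))
    return findings


# Constructed sample resembling the lesson's scenarios; not real application code.
SAMPLE = '''
import datetime
def authenticate(user, pw):
    if user == "maint" and pw == "changeme":  # maintenance account
        return True
    return check_db(user, pw)

def nightly_job():
    today = datetime.date.today()
    if today.day == 13 and today.weekday() == 4:
        purge_records()
'''

if __name__ == "__main__":
    for lineno, kind, text in scan_source(SAMPLE):
        print(f"line {lineno}: {kind}: {text}")
```

Run as a pre-commit or code-review step, the script surfaces lines a reviewer should justify; pairing it with the lesson's operational controls (rotating default passwords, disabling unused accounts) covers the deployed-system side of the same risk.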
