Cyber Backdoors: myth and reality

Every day we read articles on cybersecurity and privacy referring to “backdoors.” This term needs some clarification. I’ve seen all sorts of explanations of the term and its origin, including even linking it to Internet pornography. While the current situation in cybersecurity is certainly reminiscent of pornography, the origin and nature of cyber backdoors is very different.
The term is borrowed from residential architecture and means just what it says. It’s not the supposedly well-protected “front door,” but a relatively obscure entrance for casual private use, commonly having weaker protection for the residents. In cyber systems it’s exactly that: a supposedly secret entry point supplementary to the main entry point to a system, granting simplified logon procedures with deeper access to those in the know.
And that’s where the real problem lies.
First of all, any additional entry point to a network inevitably weakens a system’s security. The more entry points there are the more difficult it is to arrange and manage security. So, point one here is that even the very fact that any backdoor exists automatically weakens the security of a network.
Secondly, simplified entry procedures for the backdoors always mean they have weaker security than the front doors. For example, it’s not uncommon to have a backdoor to a network that creates a shortcut around a stronger VPN (Virtual Private Network) system protecting a front door, with the backdoor protected by a firewall that is always more vulnerable. So, point two here is that the common setup of a backdoor weaker than the front door always compromises the system.
Now, what’s the rationale for creating backdoors? For hackers, it’s pure and simple: it allows perpetual deep and undetected access to the system. The only risk is that it can be discovered and eliminated. So what? The hacker can simply make a different backdoor. With the Government it’s a totally different story; they seem to think that if a company creates a backdoor for them it’s for the Government’s exclusive use. The problem is that if a backdoor exists it can be discovered and hacked by anybody.
Believing that a backdoor is exclusive is fundamentally flawed. It’s as flawed as the wishful thinking in some government circles that they can develop a cyber security technology that they alone can hack. This is an arrogant assumption that historically has been defeated time and time again. You are never the smartest guy on the planet. Period.
So, in addition to all other issues involved in the Government’s pursuit of backdoor data collection, the uncomfortable but obvious conclusion is that by requiring backdoors they further weaken the already weak enough security of our networks, making them easier prey for any attacker.

Leave a Reply