U.S. Officials Ask Juniper Networks About Investigation Into 2015 Backdoor

More than a dozen U.S. officials have sent a letter to California-based networking and cybersecurity solutions provider Juniper Networks to ask the company about the results of the investigation launched in 2015 following the discovery of a backdoor in its products.

In late 2015, Juniper Networks revealed that it had identified unauthorized code in some versions of the ScreenOS operating system running on its firewalls. The code was found to introduce two vulnerabilities: one that could be exploited to remotely gain admin access to a device, and one that could allow an attacker to decrypt VPN traffic.

The VPN vulnerability was related to the use of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG), which ScreenOS used as a pseudo-random number generator (PRNG). Dual EC DRBG was known to contain a backdoor introduced by the NSA, which led some to speculate that the NSA may have planted the unauthorized code in Juniper products, while others said it could have been the work of a foreign government.

An initial analysis revealed that the backdoor may have been there since 2008. Juniper had been aware of the security risks posed by the use of Dual EC DRBG and it had not used it as its primary PRNG. In addition, the company made some changes that should have mitigated risks, but the unauthorized code enabled the backdoor and made it possible to launch attacks.

A group of three senators and 13 members of the U.S. House of Representatives announced on Wednesday that they have sent a letter to Juniper Networks in an effort to find out what the company learned from its investigation into what the officials described as “secret government backdoors.”

“It has now been over four years since Juniper announced it was conducting an investigation, but your company has still not revealed what, if anything, it uncovered,” the officials wrote. “The American people — and the companies and U.S. government agencies that trusted Juniper’s products with their sensitive data — still have no information about why Juniper quietly added an NSA-designed, likely-backdoored encryption algorithm, or how, years later, the keys to that probable backdoor were changed by an unknown entity, likely to the detriment of U.S. national security.”

The letter was sent to Juniper just as the U.S. Attorney General and other government officials have been trying to convince — and in some cases even force — companies to add encryption backdoors to their products to facilitate surveillance and investigations.

Juniper has been given one month to answer eight questions about the incident, including on the company’s decisions surrounding Dual EC DRBG, the results of its investigation, the source of the unauthorized code, and any recommendations made and implemented following the probe.

SecurityWeek has reached out to Juniper Networks for comment, but has yet to hear back. This article will be updated if the company responds.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
