Rub shoulders with leading experts and industry disruptors at TNW Conference →

The heart of tech

This article was published on December 18, 2015


    Juniper casually announced that someone snuck unauthorized code into some of its devices

    Juniper casually announced that someone snuck unauthorized code into some of its devices
    Owen Williams
    Story by

    Owen Williams

    Former TNW employee

    Owen was a reporter for TNW based in Amsterdam, now a full-time freelance writer and consultant helping technology companies make their word Owen was a reporter for TNW based in Amsterdam, now a full-time freelance writer and consultant helping technology companies make their words friendlier. In his spare time he codes, writes newsletters and cycles around the city.

    You might not know what Juniper does, but you’ve probably used its hardware at some point as you surf the web unknowingly.

    Juniper builds network hardware in the same vein as Cisco and is used by companies all over the world to run their infrastructure.

    The company today admitted that at some point in the past, an unauthorized party added code to its ScreenOS firmware used by NetScreen devices, which could allow attackers to gain administrative access to devices as well as decrypt VPN connections.

    NetScreen was acquired by Juniper all the way back in 2004 as it looked to bolster its network and application security appliance offering. Many of its products perform packet inspection as network traffic travels to detect malicious intent before it reaches end users.

    It’s a huge admission, even if Juniper is trying to downplay it — though it’s impressive it disclosed it at all. The company didn’t say whether it knows who the unauthorized party is, or if it was an internal security failure rather than a breach of the company itself.

    netscreen5200-right-high
    A Juniper NetScreen 5200 device

    The fact that Juniper doesn’t know — or won’t admit — when the software was added or by whom is cause for concern, as it may have existed for years before detection.

    Considering the NSA’s active spy programs, it’s easy to connect the dots between this attack and the spy agency’s FEEDTROUGH program, which “burrows into Juniper firewalls and makes it possible to smuggle other NSA programs” into a network.

    Juniper is remaining tight-lipped about the attack, though its knowledgebase article admits that “there is no way to detect that this vulnerability was exploited” and that it can lead to “complete compromise” of the affected system.

    The company has released a patch for the vulnerability for NetScreen devices, but given there’s no way to detect the attack and Juniper only just realized this code exists, it’s a big ask for customers to trust that there isn’t other code it doesn’t know about as well.

    Important Juniper Security Announcement [Juniper Forums]