DARPA declares war on backdoors
With a call for suggestions for testing software and commodity IT devices, the US Defense Department's Defense Advanced Research Projects Agency (DARPA) is declaring war on backdoors, which it sees as a widespread problem. Under current circumstances, the department says, it is not possible to verify the security of every one of its devices in a timely fashion. The objective of DARPA's VET programme is to develop new approaches to ensure that IT products are free of backdoors and secret malicious code.
Along with computers and their software, devices that will be systematically tested include mobile phones, routers, and printers. DARPA will host a Proposers' Day on 12 December to give interested parties more information on the project.
Companies often build special access routes into their devices to facilitate support, but that access is often insufficiently documented or not documented at all, so even security-conscious administrators have little chance of discovering and closing these backdoors in order to meet stricter security requirements.
However, such information rarely remains a secret; eventually it makes its way around the internet, and security researchers are constantly finding undocumented accounts and additional functions in the course of their analyses. Ideally, they inform the company behind the software or device, which then issues an update to close the backdoor – but it's far from uncommon for the company to just ignore the problem and hope it goes away.