Juniper Networks removes eavesdropping code

Juniper Networks has been facing a firehose of criticism since it revealed last month that security flaws in its own code could have allowed for eavesdropping on users’ communications for years. 

The flaws garnered widespread attention because they occurred in Juniper’s ScreenOS, firewall firmware widely used by corporations and government agencies. Although Juniper released a security update to fix the encryption backdoor, vulnerabilities persist—any users who have not installed the update are still vulnerable, and security researchers have called attention to the possible involvement of the National Security Agency in the replacement code. 

In response to the continued criticism, Juniper announced Friday that it would make additional security improvements to ScreenOS sometime this year. 

What’s wrong with ScreenOS? 

At a cryptography conference held at Stanford University last week, researchers from the University of California, San Diego, presented findings that Juniper’s code had been tampered with several times since 2008 to enable eavesdropping, Reuters reports

The researchers scrutinized Juniper’s use of a supposedly random number-generating algorithm called Dual-Elliptic Curve in its encryption. 

Cryptographers are wary of Dual-Elliptic Curve, or Dual_EC, because it relies on a seed number to generate the “random” numbers—and, if a hacker has access to the seed number, he or she can predict what those random numbers will be. 

The UC San Diego researchers, led by Hovav Shacham, found that Juniper’s seed number was altered, suggesting that the algorithm Juniper used to encrypt communications was compromised. The team also found that some of the generated numbers were being displayed, which could make it easier for an attacker using the seed number to predict the “random” output of numbers.

Why is there speculation about the NSA’s involvement?

Nicholas Weaver of the International Computer Science Institute told Reuters that the compromises found in Juniper’s use of Dual_EC hinted at NSA involvement, but the NSA has been tied to Dual_EC in the past. 

The NSA was involved in designing Dual_EC, and both Reuters and the New York Times reported in 2013 that the algorithm may enable a NSA backdoor for eavesdropping on encrypted communications. 

What’s Juniper doing to fix the security issue?

In a blog post published Friday evening after the conference at Stanford, Juniper CIO Bob Worrall announced that the Dual_EC would be replaced in future versions of ScreenOS. “We will replace Dual_EC and ANSI X9.31 in ScreenOS 6.3 with the same random number generation technology currently employed across our broad portfolio of Junos OS products,” he wrote. “We intend to make these changes in a subsequent ScreenOS software release, which will be made available in the first half of 2016.”

Worrall also offered assurances that Juniper would continue to improve security in its products. He noted that the firm has worked to keep customers informed of the vulnerabilities and to fix them as quickly as possible. “We have also demonstrated that it is our policy to fix security vulnerabilities when they are found and to notify our customers according to our Security Incident Response Team procedures,” he wrote. 

“The investigation of the origin of the unauthorized code continues,” he added. Worrall had previously called the flawed code, which enabled the decryption of VPN traffic, “unauthorized,” suggesting that it had been snuck in rather than placed intentionally by the company. 

Illustration by Max Fleishman

Kate Conger

Kate Conger

Kate Conger is a politics and cybersecurity journalist who currently writes for Gizmodo. Her work has previously appeared in BuzzFeed, Digital Trends, Real Clear Politics, San Francisco Examiner, and elsewhere. Together with Dell Cameron, she won the Society of Professional Journalists' award for Best Scoop in 2017 for a report on the leak of data about 200 million American voters.