Juniper Networks released an advisory that should chill anyone who relies on its software to manage firewalls. It seems that unauthorized code was slipped into the ScreenOS operating system and that the code makes it possible to decrypt VPN traffic passing through the firewalls.
The Security Flaw
This security flaw affects ScreenOS versions 6.2.0r15 through 6.2.0r18. Version 6.3.0r12 is also affected.
As of now, none of the company’s other products seem to be affected by the security issue.
Juniper itself discovered the bad code. The company has already released a patch for affected operating systems. More information on the issue can be found within the technical documentation at the company’s site.
What Could Happen?
The security issues could allow for significant breaches. According to the company, the flaws could allow a “knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections.”
Another vulnerability could allow someone to gain administrative access over SSH or telnet to a device running the bad code.
Both of those issues, of course, are significant in their implications. However, Juniper Networks' products are mostly used by ISPs and other large-scale operations, so everyday users are not likely to be affected by the security issues.
The Usual Suspects
It should come as no surprise who the most widely suspected culprits behind the security breach happen to be. The NSA was long ago revealed to have compromised products from many well-known security and computer manufacturing firms.
In fact, according to Der Spiegel, a division of the NSA called ANT was already circulating a document years ago that resembled a catalog. That catalog detailed all the various products that ANT had broken.
The NSA targeted Juniper Networks with a program called FEEDTROUGH. This malware penetrated Juniper firewalls, allowing the NSA to install software on devices that were supposed to be protected.
Multiple sources are reporting that the connections to the NSA are just too strong to ignore and that, once again, it seems that the agency has surreptitiously penetrated security measures employed by legitimate businesses as a part of its massive spying operation.
Are VPNs Still Safe?
This security issue specifically affected the Juniper Networks products mentioned above and, to date, isn’t known to affect any others.
There are VPN protocols that are compromised, however. PPTP is well known to be vulnerable and should not be used. L2TP/IPsec may or may not be compromised, but is generally believed to be secure. OpenVPN is still the preferred protocol among those who are very security conscious.
Most of our preferred providers offer all three of the aforementioned protocols, but using OpenVPN is highly recommended.