[W]hen you build a back door . . . for the good guys, you can be assured that the bad guys will figure out how to use it as well.
A back door (often spelled backdoor) (also called a trap door, trapdoor or golden key) is
a hardware or software mechanism that (a) provides access to a system and its resources by other than the usual procedure, (b) maintainers, and (c) usually is not publicly known.
[a] hole or access point left, by design, in the program by the original programmer or developer. Usually used by programmers to simplify the program-testing procedures; however, on occasion, programmers forget to close these holes or are not aware of other holes created by the original backdoor.
A backdoor "generally circumvents security programs and provides access to a program, an online service, or an entire computer system. It can be authorized or unauthorized, documented or undocumented."
Back doors allow attackers to execute remote commands and install other software, which may in turn compromise passwords or other personal data, or allow the machine to be used for further nefarious purposes. Remote access or backdoor functionality is typically now included in most Trojan horses and bot programs. A backdoor may intentionally but ill-advisedly be included in legitimate software products to facilitate remote customer support, but become an exploitable vulnerability when discovered by malicious actors. "If a backdoor is installed on a network-attached computer, a person anywhere on the Internet may be able to gain control of the computer without your knowledge or approval. A backdoor need not have malicious intent; e.g. operating systems are sometimes shipped by the manufacturer with privileged accounts for use by field service technicians or the vendor's maintenance programmers. However, they may also be used for intrusion by unauthorized persons."
Most back doors consist of a client component and a server component. The client resides on the intruder's remote computer, and the server resides on the infected system. When a connection between client and server is established, the remote intruder has some degree of control over the infected computer. At a minimum, most back doors allow an attacker to perform a certain set of actions on a system, such as transferring files, acquiring passwords, or executing arbitrary commands.
"Some of the measures that states can take to compel service providers to create backdoors include:
Another approach that gained attention in early 2016 are measures to compel companies to generate and deploy software updates that would defeat the encryption protections from a particular device, tool or service."
Encryption and Evolving Technology: Implications for U.S. Law Enforcement Investigations, Summary.
Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage, at 114.
Internet Security Glossary, at 19.
Internet Banking: Comptroller's Handbook, at 64-65.
Internet Security Glossary 30 (RFC 4949) (Ver. 2) (Aug. 2007).
Smart Grid Threat Landscape and Good Practice Guide, at 13. See also NIST Special Publication 800-82, at B-1.
Symantec, Glossary (
Investigations Involving the Internet and Computer Networks, at 87.
Information Technology Security Handbook, Annex 1, Glossary.
Encryption: A Matter of Human Rights, at 35.