Home » Communications

Backdoor in OpenBSD?

Posted 15 Dec 2010 | Comments Off on Backdoor in OpenBSD? | 1,383 views

OpenBSD, one of our favorite operating systems, will soon be undergoing an audit. Theo DeRaadt has forwarded an email which he received to the OpenBSD tech mailing list. The email alleges that the FBI secretly placed back doors in the OpenBSD IPSEC code. Gregory Perry made the claims after his nondisclosure agreement with the FBI expired. Perry previously worked as a government contractor and claims the backdoors were added back then.

The alleged back doors would enable the FBI (or any other party with knowledge of the backdoor) to snoop on encrypted VPN traffic. OpenBSD prides itself on being a stable and secure operating system. The IPSEC code in question is open source and has been used in many other projects. OpenBSD code is supposed to be audited regularly so a backdoor would be a concern and a hint that the audit process may be broken if it did indeed get added.

Theo DeRaadt stated that he will not take any action, but he posted the email so that others could. He is recommending that the code maintainers audit the code to verify the claim. At this time there have been no corroborating statements from anyone affiliated with the project. At least the code is open source, which means that the community can inspect it unlike with proprietary code where the user must trust the vendor. In the end, this may turn out to be a hoax. On the other hand, this story over at CNET makes you wonder.

Comments are closed.