Was your data compromised in the recent Juniper firewall breach?
Juniper Networks has just announced that it discovered “unauthorized” code in its firewall software, prompting concerns for individuals and organizations that use the company’s routers. According to a report from the BBC, the unauthorized code could allow hackers to access protected data by bypassing the company’s firewall.
Juniper revealed that their software had been hacked in a public security advisory, saying that whoever wrote the code could potentially be using it to spy on conversations that were supposedly encrypted. Analysts believe that the code can decrypt data that is sent over virtual private networks, or VPNs.
The company has released multiple patches that will remove the code from its firewall software, and has urged its customers to utilize the patches to protect against further security breaches. As of now, Juniper officials have no clue where the unauthorized code could have originated.
The code was discovered in Juniper’s ScreenOS software, which is used by numerous large companies to keep tabs on the traffic going in and out of their networks. Juniper’s routers and other products are commonly used by large corporations and ISPs.
A review of the code showed that ScreenOS was where the hackers attempted to make their mark. Investigators are still unclear about the origins of the code, or how it could have been snuck into the firewall software.
Some even believe that the code has been hiding in the firewall software for years, dating back to versions of ScreenOS rolled out in 2012. The company found no evidence that the loopholes made by the code were actively being used, but the vulnerability has left the company and its users on edge.
According to Bob Worrall, the Chief Information Officer of Juniper, “We strongly recommend that all customers update their systems and apply these patched releases as soon as possible.” The company revealed that the unauthorized code would allow hackers to access administrative accounts and cover up any evidence of a security breach.
The full statement from the SVP Chief Information Officer at Juniper, Bob Worrall, can be found here.