Threat Category: Isolated Execution Environments
ID: STA-12
Threat Description: Software developers often create backdoors as administrative tools that are used for troubleshooting or to access encrypted data. However, backdoors may create security risks that can be used by threat actors to bypass security policies and mechanisms which can result in system compromise.1
Threat Origin
Chinese ARM vendor left developer backdoor in kernel for Android, other devices 2
Exploit Examples
Not Applicable
CVE Examples
Not Applicable
Possible Countermeasures
References
SearchSecurity, backdoor (computing), blog, Aug. 2017; https://searchsecurity.techtarget.com/definition/back-door [accessed 12/02/2019] ↩
S. Gallagher, “Chinese ARM vendor left developer backdoor in kernel for Android, other devices,” Ars Technica, 11 May 2016; http://arstechnica.com/security/2016/05/chinese-arm-vendor-left-developer-backdoor-in-kernel-for-android-pi-devices/ ↩