Spartak - Fotolia

News Stay informed about the latest enterprise technology news and product updates.

Risk & Repeat: Backdoor access, strong encryption debate rolls on

Listen to this podcast

In this week's Risk & Repeat podcast, SearchSecurity editors discuss the FBI's continued criticism of encrypted devices and the risks of vendor-created backdoor access points.

The discussion over backdoor access in IT products received more fodder this year thanks to the FBI and Lenovo.

First, FBI Director Christopher Wray said that encrypted devices that can't be unlocked by law enforcement are a "public safety issue." Speaking at the FBI International Conference on Cyber Security earlier this month, he said the FBI currently possesses nearly 7,800 locked devices that it can't access despite having warrants. While Wray said the FBI is not looking for backdoor access to devices, he criticized the technology industry for not pursuing a "responsible solution" to the problem.

Then, shortly after Wray's comments, Lenovo issued a security advisory announcing it had found an authentication bypass mechanism in the Enterprise Networking Operating System (ENOS) software that runs some of the computer-maker's switches.

The bigger problem, according to the security advisory, was that the mechanism was named HP backdoor; Lenovo discovered it had been placed in ENOS in 2004 when the software was owned by Nortel Networks following a request from a Nortel OEM customer. However, it's unclear why Nortel decided to add a backdoor into the OS and if HP refers to Hewlett Packard Enterprise.

Lenovo's security advisory adds a wrinkle to the debate over strong encryption. Does Wray's criticism of technology companies have merit? How could the HP backdoor go unnoticed for so long? How common are vendor-created backdoor access points in popular technology products? SearchSecurity editors Rob Wright and Peter Loshin discuss those questions and more in this episode of the Risk & Repeat podcast.

Enterprise Desktop
  • Understanding how GPOs and Intune interact

    Group Policy and Microsoft Intune are both mature device management technologies with enterprise use cases. IT should know how to...

  • Comparing MSI vs. MSIX

    While MSI was the preferred method for distributing enterprise applications for decades, the MSIX format promises to improve upon...

  • How to install MSIX and msixbundle

    IT admins should know that one of the simplest ways to deploy Windows applications across a fleet of managed desktops is with an ...

Cloud Computing