Linux Backdoor Discovered in xz Utils


Discovery of Backdoor in xz Utils

Recently, researchers unveiled a backdoor that had been deliberately inserted into xz Utils, an open-source data compression tool commonly found on Linux and Unix-like operating systems. The perpetrator likely dedicated considerable time and effort to the project and came close to getting the backdoored update included in major distributions such as Debian and Red Hat before being thwarted by a vigilant software developer.

Background of xz Utils

xz Utils plays a crucial role in Linux systems, offering lossless data compression for various Unix-like operating systems. The utility is used to compress and decompress data in a wide range of operations, from package distribution to archiving, and it also supports the legacy .lzma format, which further underlines its significance.

The Unveiling of the Backdoor

Andres Freund, an engineer working on Microsoft's PostgreSQL offerings, stumbled upon the backdoor while investigating performance issues with SSH logins on a Debian system. Excessive CPU consumption during SSH logins and errors reported by valgrind led Freund to discover the intentional manipulation of the xz Utils software, and he disclosed the findings on the oss-security (Open Source Security) mailing list.

Functionality of the Backdoor

The malicious code embedded in versions 5.6.0 and 5.6.1 of xz Utils altered the behavior of the software's lzma compression and decompression code in a way that affected SSH. This modification enabled the execution of attacker-supplied commands with root privileges, granting unauthorized access to the system to whoever held a predetermined key.
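A defender's first question after reading the above is whether a given host runs one of the two affected releases and whether its SSH daemon even loads liblzma. The following POSIX shell script is an added example, not code from the article or from the xz Utils project; the version strings it recognises (5.6.0 and 5.6.1) come from the text, while the packaging-suffix handling, the function names and the sample inputs are constructed assumptions for illustration.

```shell
#!/bin/sh
# Added example (not from the article): host-side checks for the xz Utils
# releases the article names as backdoored (5.6.0 and 5.6.1).

# Return 0 if the given xz/liblzma version string is one of the affected releases.
# Accepts raw upstream versions ("5.6.1"), distro package versions ("5.6.0-0.2",
# "5.6.1+dfsg") and the first line of `xz --version` ("xz (XZ Utils) 5.6.1").
xz_version_affected() {
    # Drop any non-numeric prefix, then any distro packaging suffix after '-' or '+'.
    v=$(printf '%s' "$1" | sed 's/^[^0-9]*//; s/[-+].*$//')
    case "$v" in
        5.6.0|5.6.1) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the upstream version of the xz binary on PATH; return 1 if xz is absent.
installed_xz_version() {
    command -v xz >/dev/null 2>&1 || return 1
    xz --version 2>/dev/null | sed -n '1s/^xz (XZ Utils) \([0-9.]*\).*/\1/p'
}

# Return 0 if the sshd binary links liblzma. Linking alone is not proof of
# compromise; it is the condition under which a tampered liblzma would be
# mapped into the SSH daemon's process.
sshd_links_liblzma() {
    sshd_path=$(command -v sshd 2>/dev/null) || sshd_path=/usr/sbin/sshd
    [ -x "$sshd_path" ] || return 1
    ldd "$sshd_path" 2>/dev/null | grep -q liblzma
}

# Human-readable summary for the current host.
main_check() {
    ver=$(installed_xz_version) || { echo "xz not found on PATH"; return 0; }
    if xz_version_affected "$ver"; then
        echo "WARNING: xz $ver is an affected release (5.6.0/5.6.1); follow your distribution's advisory"
    else
        echo "xz $ver is not one of the affected releases"
    fi
    if sshd_links_liblzma; then
        echo "note: sshd links liblzma, so a tampered library would be loaded into the SSH daemon"
    else
        echo "note: sshd does not link liblzma (or sshd is not installed)"
    fi
}

# Run the summary only when explicitly requested, e.g. XZ_CHECK_RUN=1 sh xz_check.sh
[ -n "${XZ_CHECK_RUN:-}" ] && main_check
```

The version check is deliberately string-based rather than numeric so it works on distributions whose package versions carry suffixes; it reports only the two upstream releases the article names and says nothing about whether a distribution has since shipped a patched build under a different version number.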

Creation and Implementation of the Backdoor

The backdoor appears to have been meticulously planned over several years. In a series of strategic moves, an individual using the username JiaT75 made subtle contributions to open-source projects, laying the groundwork for the backdoor. JiaT75, later identified as Jia Tan, gradually gained a position of trust in the xz Utils project, altered the software, and persuaded key stakeholders to incorporate the updates into major Linux distributions.

Technical Insights on the Backdoor

Upon analyzing the malicious updates, researchers uncovered a multifaceted backdoor that exploited several components of the software. The attack targeted specific system configurations and employed intricate techniques to conceal its presence, allowing payloads to be executed and SSH connections to be intercepted.

Identifying Jia Tan

Despite the extensive impact of the xz Utils backdoor, very little is known about the figure behind the username Jia Tan. This individual's involvement in numerous open-source projects raises questions about their true identity and motives, leaving much of the incident shrouded in mystery.


About Post Author

Chris Jones

Hey there! 👋 I'm Chris, 34 yo from Toronto (CA), I'm a journalist with a PhD in journalism and mass communication. For 5 years, I worked for some local publications as an envoy and reporter. Today, I work as 'content publisher' for InformOverload. 📰🌐 Passionate about global news, I cover a wide range of topics including technology, business, healthcare, sports, finance, and more. If you want to know more or interact with me, visit my social channels, or send me a message.