spr

Should We introduce Backdoors and forget Security?

By . Published Jun 28, 2019 6 mins read

As an African child, the best thing you can do is to clutch at your mothers dress very early in the morning and burst into a pre-programmed cry early in the morning when she is about to go to the shamba (farmyard). This almost always works because the next thing she will do is put you on her back and the two of you will be on your way to the shamba. When you are enjoying a free ride on your mothers back, it is imperative to cut off the supply of tears to your eyes so as to appease your car. But when the ploughing starts, you caring mother will put you in a shade somewhere and as a child your curiosity will always overwhelm you. You will start chasing after grasshoppers, poking millipedes, playing around with toads till you find yourself right close to your mother who by now is busy ploughing with those massive, size 7 jembes.


This posed a lot of danger and my grandmother (my mother would not even bring me this far) used to hate this. She had a cunning way of dealing with it though. She would lure you into a trap by distancing herself from the others (they used to do this in groups). She would then dig a massive hole, perhaps a bait then pretend to fix something in her dress. You would then steal chances and jump into the hole then get out before you start feeling comfortable and finally relax there for a minute or two. She would then burry half of your body on the ground while you are seated there. This initially looked good till when she got up and went away leaving you there. With very limited mobility, you would cry like never before but this would not fool her into coming for your freedom. It always got worse when the millipedes that you were poking with grass before rode through your sweaters and flies landed on your nostrils which by now were almost always full of nasal mucus and flooded with streams of tears. Crying for an hour would slowly pump adrenaline into your bloodstream. Some complex reactions occur and dopamine takes over and soon, you would be sleeping while seated. I suppose this is the reason why we were pretty good at sleeping while seated. Anyway, is this an illegal act? No. Immoral? Yes.


The same debate surfaces in the tech industry. Nowadays, cybersecurity is such a big issue that almost every company has a dark history. Apple recently had a particularly big one when it was asked by the FBI to open the backdoor to a phone of a suspect. Tim cook tried to tell apple clients through some media conference that apple will not betray its customers by opening the backdoor. This case went to court, came out, court orders were given, some were defied and at the end of the day, news headlines said that the security agency had managed to access the information that they were after. They said that they hired a hacker to do it and he walked home with $1,000,000.


In my opinion, apple started betraying its clients from the day it started thinking of making a backdoor. Why would apple think of designing a backdoor in the first place had it not been with the intent of having the power to shut down a device or steal information or maybe spy on someone? How much trust did they have that no one else would know of the existence of such a thing and take his or her time, blood sweat and tears to come up with a cunning way of opening it? That was espionage and Apple should accept that it was their own mistake.

It is interesting to be on the other side of the door. The best reward a programmer can have, apart from a constant supply of warm coffee, fast internet, stack overflow and the cash of course. You can choose to monitor your client’s activities, sell his/her private information or at times be the only hope that he or she has when in need. Most of these are stolen pleasure and we all know that stolen pleasure landed King David into trouble. It is unethical and illegal not to inform your client that there is a backdoor in the system. I can easily put this as the sixty third commandment.


 While backdoors are critical in some projects especially when it is the only option, they are a big threat. Designing a software to have a backdoor is what I would consider the start of hypocrisy, followed by feminism. Since some of these software are designed by a team, someone from that team could easily turn into a traitor and put the buyer to his or her knees. Imagine that you have been tasked with the design and implementation of a software that controls PLCs in substations. If a backdoor is introduced in such thing, anyone could easily cause a disaster. At the press of a button. The whole country would experience a blackout. The parties involved will be losing money. Other criminals would easily take advantage of the situation and you can imagine the scale of the disaster.  


It also puts one into the risk of being targeted by terrorist or extremists who might be having bad intentions. The moment someone wants to commit a crime and he or she knows that you are the only beacon in that new world that he or she is in, you cannot fail to be a target. It is good that FBI went to court, had it been in Kenya, the only evidence the government would give would be a CCTV camera image of you with an unknown lady spotted in Kileleshwa in the morning when you were reported to be missing at 10 in the evening.


Hackers are always on the prowl looking for backdoors. Before Christianity got hold of me, I used to visit the dark web looking for the latest zero day vulnerabilities and attacks. I can tell you for free, someone is always there looking for your weakness. Hackers and regulars alike have particularly made money by siting issues with adobe flash player. Take a good look at how long it takes before your computer tells you that there is a new version of adobe flash player. Flash player has been a victim of cyber-attacks for long and the team that works on that software is always on toes. Someone will always find the backdoor even if you are the only one who developed the software. Remember that it took a child, a graduated toddler to find a bug that made someone to easily manipulate Instagram accounts and make people to follow others without their consent.

Anyway, if your client poses a backdoor as one of the requirements in the project, who are you to deny?

 

SHARE
RELATED POSTS
LEAVE A REPLY