An exploit function that allows someone unknown, usually a Bad Guy, to access certain privileges on a target system. It can be a piece of malicious code, like a virus or worm or a pre-written error that enables remote access to the target machine. In theory any code that remains hidden could possible contain backdoors.
Backdoors are sometimes left by system administrators to allow themselves access to their systems remotely. This can be a problem if a developer is fired or leaves on bad terms as they can return and harm them anonymously. See Former Employee Attack. There a number of other examples.
- Microsoft giving China access to its source-code.
- Successful operating systems in security-centric realms utilize open code such as Linux and BSD.
- Most security audit tools are not closed-source.
- Most encryption algorithms (including AES) are also open.
There has been a long history of backdoors being written into major commercial applications so that, when contacted for a service call, the supporting company can log into a system with their prearranged login and password. Today, while rumours are not uncommon, such activities are visible almost only in hindsight. If such activities continue to exist, they are protected by the perpetrators through a policy of security through obscurity.