
Ask HN: What are the chances the NSA backdoored the Java/jvm platform? - theboywho
The Java/jvm platform being widely deployed all over the world, from company servers to personal computers, and with recent revelations about the NSA approaching Linus to backdoor the Linux kernel, I kept thinking the jvm is a natural target for the NSA.

What are the chances of this "backdooring operation" being successful?
======
Zigurd
If you take Java bytecode to be the attack surface, it is probably less likely
than that a complex, microcode-based CPU instruction set contains a back door
because it is hard to smuggle a multi-instruction side effect into an open
source bytecode interpreter. Other attacks like an undocumented jni call are
also difficult to conceal. That leaves things like network libraries, and most
of those are an interface to protocols, leaving not much room for shenanigans,
IF the source is available and build-able.

------
weddpros
Adding a backdoor to open source software is no easy task...

------
csense
Depends on whether you're talking about an OpenJDK you compiled yourself, or
an official binary distribution.

The latter would be much easier for someone to backdoor.

