Backdoors in Software Delivery: Real‑World Cases, Legal Perspectives, and Compiler‑Level Vulnerabilities
The article recounts three Zhihu answers that illustrate how hidden backdoors are used in software projects to secure payments, discusses the ambiguous legal status of such practices in China, and explores historic and advanced backdoor techniques ranging from driver‑level tricks to compiler‑injected vulnerabilities.
Yesterday while browsing Zhihu I encountered a question that sparked three particularly interesting answers, which I share here.
Answer by "独行的猪" (link: https://www.zhihu.com/question/531724027/answer/2487270093): The author describes an outsourced Android ROM project for a state‑owned enterprise, with a payment schedule of 40,000 CNY deposit, 80,000 CNY upon ROM delivery, and a final 40,000 CNY after source code hand‑over. Before delivering the production ROM, a timestamp check was hidden inside a driver so the device would become unbootable after six months. When the client delayed the final payment, the hidden check caused downstream complaints, forcing the client to pay the remaining amount. The author notes that such a backdoor, while risky, can be a form of self‑protection and is not outright illegal.
The narrator recalls a personal experience of disappearing after delivering freelance software, which highlights the temptation to embed time limits.
Regarding legality, another Zhihu user "TK" (link: https://www.zhihu.com/question/531724027/answer/2539891264) explains that Chinese law does not have a specific statute punishing the mere existence of a backdoor because the concept is hard to define. Whether something counts as a backdoor depends on its function (e.g., automatic updates, hot‑patch mechanisms, remote maintenance). Liability is determined by the actual malicious use of the backdoor rather than its mere presence.
Answer by "沧海" (link: https://www.zhihu.com/question/531724027/answer/2487130220): The answer recounts Ken Thompson's famous compiler backdoor at Bell Labs, where a hidden password check was embedded in the C compiler, making any Unix system compiled with it vulnerable regardless of later modifications. This technique resurfaced in the XcodeGhost incident. The answer categorises backdoors by depth: low‑level (code), mid‑level (toolchain), high‑level (compiler), and ultimate (hardware), noting that only a peer of equal skill can reliably locate and remove such deep backdoors.
The author adds a recent anecdote about a hacker group poisoning the IDA reverse‑engineering tool, illustrating that even security‑oriented software can be targeted.
Laravel Tech Community