The NSA Makes Ghidra, A Powerful Cybersecurity Tool, Open Source

By ISBuzz Team
Writer, Information Security Buzz | Mar 07, 2019 08:15 am PST

It has been reported that the NSA has released an open-source reverse-engineering hacking tool called Ghidra into the public domain.

Experts' comments below:

Adam Brown, Manager of Security Solutions at Synopsys:  

“Ghidra made open source will be of interest to security consultants and hackers; however, it’s not like anyone didn’t have this capability before with other tools. The process of reverse engineering – understanding the intricacies of how a piece of software processes its data and how it flows while only having the binary executable code – is not a simple process, therefore this tool is only useful in very capable hands. Despite Ghidra having user interface features to make reversing easier, only those who really understand software can get benefit from it.

Ghidra should be used and trusted where appropriate, as it’s simply a tool to help decode compiled software. Commercial tools that decompile and help with reverse engineering are not prohibitively expensive and most likely pirate copies are prolific, however an open source tool such as Ghidra makes reversing more accessible and in the long term improves security by garnering talent in those interested in experimenting. The more software security people we have the more security reviews can be performed, the better risk is understood and the faster software can be fixed.” 

Chris Doman, Security Researcher at AT&T Cybersecurity: 

This may level the reverse engineering playing field, enabling students and newer security researchers to use a high-grade reverse engineering tool. That’s good news when one of the largest issues facing cyber-security is the lack of qualified people.

Some potential security misconfigurations in Ghidra have been identified – but I’d be very surprised if there was an intentional backdoor in Ghidra. It’s a product aimed at the very people who look for backdoors.

Backdoors are more likely to be found in other software.

Suzanne Spaulding, Advisor at Nozomi Networks and Former Department of Homeland Security Under Secretary:

“While I understand the mistrust, I would certainly use the reverse-engineering tool made public by NSA at RSA this week. First, it’s incredibly useful for forensic threat analysts. Second, it’s open source, so NSA would be taking a huge risk that anything malicious it might build in would be detected eventually. Finally, Rob Joyce and his colleagues at NSA are strongly committed to improving cybersecurity and defeating our adversaries in cyberspace. Helping the private sector better, and more quickly, understand malware makes us all safer. Among other benefits, it can deter bad actors if they know their impact will be limited by defenders who have capacity to more quickly understand how an attack was built.”