HardwareHardware backdoors in computing equipment such as CPUs, data storage, peripheral devices or networking equipment. A backdoor may be placed in the software drivers for hardware. They can also be hardwired into devices and can potentially include a microprocessor and networking capabilities dedicated to the backdoor.
Operating SystemsOperating systems often include remote administration tools that allow administrators and vendors to support users. These are typically secured but are an attractive target for malicious use because they are designed to gain control of a machine remotely. As such, administrators will often disable such tools in a secured environment.
Applications & SystemsApplications and systems may have backdoors secretly installed to achieve malicious objectives. Backdoors are also openly installed for administrative and integration purposes. When you install software you are placing trust in a vendor that they haven't added insecure or malicious backdoors that will leave you vulnerable. In the case of open source, it is possible to audit source code to detect backdoors.
Default PasswordsDefault passwords that are available when hardware, operating systems or software is first installed is viewed as a backdoor.
APIs, Services & ComponentsIt is possible for backdoors to end up in software due to the use of external APIs, services and components. Information security policies at banks and other security focused organizations may review all APIs before they can be used. In other industries, it may be common to include external code and services without a security review.