Juniper Networks To Remove Spying Code From Its Software
Juniper Networks said on Friday it would stop using a piece of security code that analysts believe was developed by the National Security Agency in order to eavesdrop through technology products.
The company has issued critical patched releases to address vulnerabilities in devices running ScreenOS software. During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.
In addition to removing the unauthorized code and making patched releases available, Juniper undertook an investigation of ScreenOS and Junos OS source code.
Juniper said it was continuing to investigate.
The Silicon Valley maker of networking gear said it would ship new versions of security software in the first half of this year to replace those that rely on numbers generated by Dual Elliptic Curve technology.
Earlier this week, a team of cryptographers announced at a Stanford University conference that Juniper's code had been changed in multiple ways during 2008 to enable eavesdropping on customers' virtual private network sessions.
Until now, the most influential adopter of Dual Elliptic Curve was believed to be RSA, part of storage company EMC.
Though the academic team looking at Juniper has not named a suspect in the 2008, 2012 or 2014 changes, 2008 was one year after veteran cryptographers raised questions about Dual Elliptic Curve.