Microsoft Creates Backdoor In Windows, Accidentally Leaks UEFI Secure Boot Keys
Short Bytes: Two researchers reported that Microsoft accidently compromised the golden keys to its UEFI Secure boot feature. The golden keys allow the developer to bypass the Window boot manager check and install a non-Microsoft OS on the machine. Microsft has released two patches to rectify the mistakes since then.
It’s almost a week since the release of Anniversary update for public and a major risk has aroused in the UEFI Secure Boot feature used by Microsoft. The UEFI Secure Boot has the job to make sure that a digitally signed version of Windows gets installed on a machine.In March 2016, two researchers, MY123 and Slipstream, revealed the existence of the golden keys which can be used to breach the security offered by UEFI Secure Boot and install an operating system which is not cryptographically secured by Microsoft, such as Ubuntu or any other Linux Distro, on Windows tablets and other Microsoft-sealed devices.
Something about the Golden Keys
The golden keys discussed here are Secure Boot policies created by Microsoft for developers. These help them bypass the OS signature checks made by the Windows boot manager which happen when they boot into a secure boot-enabled machine and perform debugging operations.
It is almost impossible for Microsoft to undo what has been done. The policy leak may be an outcome of some naive carelessness from the Redmond. The researchers may have found the debug-mode policy on a retail device in a deactivated state.
“Now that golden policy has leaked onto the internet. It is signed by Microsoft’s Windows Production PCA 2011 key. If you provision this onto your device or computer as an active policy, you’ll disable Secure Boot. The policy is universal; it is not tied to any particular architecture or device. It works on x86 and ARM, on anything that uses the Windows boot manager,” – The Register writes.
Last month, Microsoft released a security patch MS16-094, a couple of months after the researchers told them about the bug. It involved the revocations of various policy by the Windows Boot Manager which included the debug-mode policy too.
Second security patch MS16-100 was released on August 9. It is not a fool-proof solution but it does add some level of obstruction in front of a person trying to install debug-mode policy on his/her device. Another patch is in the works and will be released in the coming month.
A Treat For the Security Agencies, “FBI”
These tools are made to provide easy access to the developers and bug-hunters. But they can also serve as a backdoor for security agencies like FBI who can exploit the security policy vulnerability to gain access to the devices of people involved in cases.
Security breach incidents like these put a question on the privacy of the users. Not only the FBI who would use it for crime-fighting, also the criminals minds who would also exploit the backdoor to gain access to confidential data.
In the San Bernardino Case, Apple fought very well to defend the integrity of their iOS operating system and the FBI had to pay a hefty amount of cash to get the iPhone unlocked.
“This is a perfect real world example about why your idea of backdooring cryptosystems with a ‘secure golden key’ is very bad,” wrote Slipstream.
“Smarter people than me have been telling this to you for so long. It seems you have your fingers in your ears. You seriously don’t understand still? Microsoft implemented a ‘secure golden key’ system. And the golden keys got released by Microsoft’s own stupidity. Now, what happens if you tell everyone to make a ‘secure golden key’ system?”
— via The Register