Microsoft leaks its Golden Key, unlocking Windows Secure Boot and exposing the danger of backdoors
Microsoft has demonstrated why the FBI’s desire for “Golden Key” backdoors allowing “good guys” to bypass security is such a bad idea: it inadvertently released its own keys to Windows tablets, phones, HoloLens and other devices using UEFI Secure Boot.
Microsoft created a convenience key to bypass UEFI security, then leaked it
As noted by Charlie Osborne for Zero Day, the ability to bypass Windows Secure Boot using the profiles Microsoft made public not only allows users to replace their Windows OS with something else such as Linux, but also “permits the installation and execution of bootkit and rootkits at the deepest level of the device.”
Security researchers MY123 and Slipstream published a detailed explanation of how Microsoft bungled its security keys, and then failed to correctly patch for the issue, resulting in an ongoing issue that “may not be possible to fully resolve.”
“A backdoor,” the researchers noted, “which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!”
Evidence for the FBI to examine
Over the past winter, the FBI has locked horns with Apple over its efforts to bypass the boot security system of iOS, with the intent to make it easier to decrypt data on iPhones and other devices.
In February, Apple’s chief executive Tim Cook issued a statement in response to FBI demands, writing that, “We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them.
But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone.”
“the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone” – Tim Cook
Cook concluded, “while the government may argue that its use would be limited to this case, there is no way to guarantee such control.”
Sure enough, after Microsoft did create a backdoor for Windows Phone and other Secure Boot devices, it subsequently leaked the tools for unlocking that backdoor.
The researchers involved in documenting Microsoft’s screwup observed, “About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a “secure golden key” is very bad!
“Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears. You seriously don’t
understand still? Microsoft implemented a ‘secure golden key’ system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a ‘secure golden key’ system? Hopefully you can add 2+2…”
At this week’s BlackHat security conference, Apple engineer Ivan Krstić provided new details about how Apple’s own security system works on iOS devices, noting that iOS lacks any sort of backdoor mechanism that would allow Apple or others to bypass device security the way Microsoft’s Secure Boot for Windows does.
Apple’s serious approach to security has enabled the company to take a leading roll in supplying computing devices to enterprise buyers, one of the markets Windows Phone has made very little progress in, and a market segment that has purposely shunned the sloppy security associated with Google’s Android.