Pinterest Stumbleupon Whatsapp
Ads by Google

In what could be absolutely considered a glittering example of exactly why golden keys offering a backdoor into secure services shouldn’t exist, Microsoft accidentally leaked the master key to their Secure Boot system.

The leak potentially unlocks all devices with Microsoft Secure Boot technology installed, stripping their locked operating system status, enabling users to install their own operating systems and applications in place of those designated by the Redmond technology behemoth.

The leak shouldn’t compromise your device security — in theory. But it will open the lines for alternative operating systems and other applications that would previously have failed to work on a Secure Boot system.

How will Microsoft respond to this? A simple update to alter each Secure Boot base key? Or is it simply too late, damage done?

Let’s take a good look at what the Secure Boot leak means for you and your devices.

What Is Secure Boot?

“Secure Boot helps to make sure that your PC boots only using firmware that is trusted by the manufacturer”

Microsoft Secure Boot arrived with Windows 8, and is designed to prevent malicious operators installing applications What Is UEFI And How Does It Keep You More Secure? What Is UEFI And How Does It Keep You More Secure? Read More  or any unauthorized operating systems from loading, or making changes, during the system start-up process. When it arrived, there were concerns that its introduction would severely limit the ability to dual or multi-boot Microsoft systems. In the end, this was largely unfounded — or workarounds found.

Ads by Google

As Secure Boot relies on the UEFI (Unified Extensible Firmware Interface) specification What Is UEFI And How Does It Keep You More Secure? What Is UEFI And How Does It Keep You More Secure? Read More to provide basic encryption facilities, network authentication, and driver signing, providing modern systems with another layer of protection from rootkits and low-level malware.

Windows 10 UEFI

Microsoft wanted to ramp up the “protection” offered by UEFI in Windows 10.

To push this through, Microsoft informed manufacturers prior to Windows 10’s release that the choice to remove the option to disable Secure Boot was in their hands Will Linux No Longer Work on Future Windows 10 Hardware? Will Linux No Longer Work on Future Windows 10 Hardware? Secure Boot can prevent some Linux distros from booting. On upcoming Windows 10 devices, manufacturers may remove the option to turn off Secure Boot. This will affect Linux Mint and several other popular distros. Read More , effectively locking the operating system to the one a computer arrives with. It is worth noting that Microsoft wasn’t directly pushing this initiative (at least not entirely publicly), but as Ars Technica’s Peter Bright explains, changes to existing UEFI rules prior to the Windows 10 release date made this possible:

“Should this stand, we can envisage OEMs building machines that will offer no easy way to boot self-built operating systems, or indeed, any operating system that doesn’t have appropriate digital signatures.”

While there are undoubtedly numerous desktops and laptops for sale with unlocked UEFI settings, this could prove to be another stumbling block for those wishing to try an alternative to their Windows operating system.

Yet another road block for Linux advocates to work around… sigh.

And Now Secure Boot Is Permanently Unlocked?

Permanently, I’m not so sure. But for the meantime, Secure Boot can be unlocked. Here is what happened.

I know I’ve been referring to a super-duper skeleton-type key that unlocks every single lock in the entire Microsoft UEFI Secure Boot universe… but it actually comes down to which policies you have signed on your system.

Secure Boot works in tandem with certain policies, read and fully obeyed by the Windows boot manager How to Solve Most Windows Boot Problems How to Solve Most Windows Boot Problems Is your Windows computer not booting up? It could be because of a hardware, software, or firmware error. Here's how to diagnose and fix these problems. Read More . The policies advise the boot manager to keep Secure Boot enabled. However, Microsoft created one policy designed to allow developers to test operating system builds without having to digitally sign each version. This effectively overrules Secure Boot, disabling early system checks during the start-up process. The security researchers, MY123 and Slipstream, documented their findings (on a really delightful website):

“During the development of Windows 10 v1607 ‘Redstone’, MS added a new type of secure boot policy. Namely, “supplemental” policies that are located in the EFIESP partition (rather than in a UEFI variable), and have their settings merged in, dependant on conditions (namely, that a certain “activation” policy is also in existance, and has been loaded in).

Redstone’s bootmgr.efi loads “legacy” policies (namely, a policy from UEFI variables) first. At a certain time in redstone dev, it did not do any further checks beyond signature / deviceID checks. (This has now changed, but see how the change is stupid) After loading the “legacy” policy, or a base policy from EFIESP partition, it then loads, checks and merges in the supplemental policies.

See the issue here? If not, let me spell it out to you plain and clear. The “supplemental” policy contains new elements, for the merging conditions. These conditions are (well, at one time) unchecked by bootmgr when loading a legacy policy. And bootmgr of win10 v1511 and earlier certainly doesn’t know about them. To those bootmgrs, it has just loaded in a perfectly valid, signed policy.”

It doesn’t make good reading for Microsoft. It effectively means the debug-mode policy designed to allow developers – and only developers – chance to negate the signing processes is open to anyone with a retail version of Windows 10. And that that policy has leaked onto the Internet.

Remember The San Bernardino iPhone?

“You can see the irony. Also the irony in that MS themselves provided us several nice “golden keys” (as the FBI would say ;) for us to use for that purpose :)

About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a “secure golden key” is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears. You seriously don’t understand still? Microsoft implemented a “secure golden key” system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a “secure golden key” system? Hopefully you can add 2+2…”

For those encryption advocates this has been an all-to-bittersweet moment that will hopefully provide some well needed clarity for law enforcement agencies and government officials alike. Golden backdoors will never stay hidden. They will always be discovered, be that by an unforeseen internal vulnerability (Snowden revelations Hero or Villain? NSA Moderates Its Stance on Snowden Hero or Villain? NSA Moderates Its Stance on Snowden Whistleblower Edward Snowden and the NSA's John DeLong appeared on the schedule for a symposium. While there was no debate, it seems the NSA no longer paints Snowden as a traitor. What's changed? Read More ) or by those interested in poking and pulling technology and its underlying code apart.

Consider the San Bernardino iPhone…

We have great respect for the professionals at the FBI, and we believe their intentions are good. Up to this point, we have done everything that is both within our power and within the law to help them. But now the U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create. They have asked us to build a backdoor to the iPhone What Is The Most Secure Mobile Operating System? What Is The Most Secure Mobile Operating System? Battling for the title of Most Secure Mobile OS, we have: Android, BlackBerry, Ubuntu, Windows Phone, and iOS. Which operating system is the best at holding its own against online attacks? Read More .”

The Ball Rests With Microsoft

As I mentioned, this shouldn’t really pose a massive security risk to your personal devices, and Microsoft released a statement downplaying the relevance of the Secure Boot leak:

“The jailbreak technique described in the researchers’ report on August 10 does not apply to desktop or enterprise PC systems. It requires physical access and administrator rights to ARM and RT devices and does not compromise encryption protections.”

As well as this, they have hastily released a Microsoft Security Bulletin designated “Important.” This will resolve the vulnerability once installed. However, it won’t take much to install a version of Windows 10 without the patch implemented.

Golden Keys

Unfortunately, this is unlikely to lead to a new glut of Microsoft devices running Linux distros. I mean, there will be some enterprising individuals who take the time test this, but for the majority of individuals, this will simply be another security blip that passed them by.

It shouldn’t.

Not giving a damn about Linux distros on Microsoft tablets is one thing, sure. But the wider implications of a golden key leaking into the public domain to unlock potentially millions of devices is another.

muo-securityy-skeleton-keys

A couple of years ago The Washington Post made a rallying call for “compromise” on encryption, proposing that while our data should obviously be off-limits for hackers, perhaps Google and Apple et al should have a secure golden key. In an excellent critique of exactly why this is a “misguided, dangerous proposal,” Keybase co-creator Christ Coyne explains, quite plainly, that “Honest, good people are endangered by any backdoor that bypasses their own passwords.”

We should all strive for the maximum level of personal security possible Start the Year Off Right with a Personal Security Audit Start the Year Off Right with a Personal Security Audit It's time to make plans for the new year, such as ensuring your personal security is up to scratch. Here are 10 steps you should take to update everything using your PC, phone or tablet. Read More , not deign to weaken it at the first available opportunity. Because as we have seen on multiple occasions, those super-duper skeleton-type key’s will end up in the wrong hands.

And when they do, we’re all playing a dangerous game of reactive defence, whether we wanted to or not.

Should major technology companies create backdoors in their services? Or should government agencies and other services mind their own business and focus on maintaining security?

Image Credit: DutchScenery/Shutterstock, Constantine Pankin/Shutterstock

Leave a Reply

Your email address will not be published. Required fields are marked *