Microsoft creates Secure Boot backdoor, leaks golden keys
Microsoft has created a backdoor in Secure Boot, the security feature designed to ensure that a device can only run the operating system that it is meant to. And, to make matters worse, it has just accidentally leaked the "golden keys" needed to bypass it.
The Secure Boot backdoor is there to, for instance, allow a Microsoft developer to install a new build of Windows on a device -- that has the security feature enforced -- without it having to be digitally signed beforehand. It makes their job easy, but it also makes the security system ineffective if -- when -- the golden keys that unlock it make their way into the wrong hands.
In the case of a Lumia smartphone Secure Boot ensures that the device can only run Windows Phone or Windows 10 Mobile, while in the case of a Surface RT tablet the intended operating system is Windows RT. But, with Secure Boot out of the way, it would be possible to, say, make a Lumia device run Android.
That is the wishful thinking scenario, anyway, because if an attacker manages to render Secure Boot ineffective on a target device they could load malware on it and do all sorts of harm, likely without the victim ever noticing. This is especially problematic on enterprise-enrolled devices, which enforce Secure Boot for security purposes are configured so that users cannot disable the security feature.
With a golden key, the term used here to describe the policy that unlocks Secure Boot and which Microsoft has accidentally shipped on retail versions of Windows, you cannot have one or the other: just as an enthusiast can play with their smartphone to install a different OS so can a hacker compromise an important device to steal files or read private conversations. It is a problem that many have with the idea of introducing backdoors into software that was, earlier this year, circulated by the FBI.
Ideally, only the good guys would have access to golden keys, and they would only use them when there is no other way. But, in practice, these golden keys can also find their way into the hands of the wrong people who will not hesitate to use them to do harm.
The security researchers that have uncovered Microsoft's mishap warned the software giant about the dangers that this backdoor poses between March to April. Microsoft replied in April, refusing to fix it, before realizing between June and July that it is actually a serious security problem. A patch was released in July, followed by another in August. The Register says that a third patch is on the way, being expected in September.
The backdoor, however, may prove very hard to remove on all affected systems. As the security researchers note, "it'd be impossible in practise for MS to revoke every bootmgr earlier than a certain point, as they'd break install media, recovery partitions, backups, etc".
Taking a stab at the FBI for suggesting that the "good guys" should get a special software backdoor, the security researchers say that "this is a perfect real world example about why your idea of backdooring cryptosystems with a 'secure golden key' is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears. You seriously don't understand still? Microsoft implemented a 'secure golden key' system. And the golden keys got released from MS own stupidity. Now, what happens if you tell everyone to make a 'secure golden key' system? Hopefully you can add 2+2...".
Microsoft lists the following Windows versions as affected in the related security bulletins: Windows 8.1 (32-bit and 64-bit), Windows Server 2012 and Windows Server 2012 R2, Windows RT 8.1, Windows 10 and Windows 10 build 1511 (both 32-bit and 64-bit), and Windows Server 2012 and Windows Server 2012 Server Core Installation. Microsoft also notes that Windows Server 2016 Technical Preview 5 is affected as well, though because it is not yet released the risks are significantly lower.