Researchers crack Microsoft feature; say encryption backdoors similarly crackable
Someone will inevitably make a mistake, and users are left vulnerable while the company scrambles for a fix.
“When Secure Boot is activated on a PC, the PC checks each piece of software, including the Option ROMs and the operating system, against databases of known-good signatures maintained in the firmware”, Microsoft states. The policy at the centre of this story allows users to install operating systems like Linux or Android on once-closed devices such as Windows phones or the Surface RT. Developers can use the policy to test different OS versions on a device without needing to cryptographically sign each build, cutting a time-consuming phase out of the development process. The policy, signed by Microsoft’s Windows Production PCA 2011 key, can be provisioned onto devices as an active policy, which disables Secure Boot. This feature gives the option to install self-signed drivers on the system.
This policy allows an attacker to switch Secure Boot into a testing mode called “testsigning”, which lets someone in physical control of the device load unsigned binaries, and by doing so take over the boot sequence and load malware or even a custom operating system.
However, Microsoft created tools (aka policies) for altering the Secure Boot system.
The “supplemental” policy does NOT contain a DeviceID. “Hopefully you can add 2+2,” they added. However, the researchers believe the vulnerability cannot be completely fixed.
According to a report by The Register, the “golden key” debacle was born out of a design flaw in this debug-mode policy, which was accidentally shipped onto retail devices. These policies must also be signed by Microsoft to be accepted, and are installed on devices using a Microsoft-signed tool.
That is the wishful-thinking scenario, anyway, because if an attacker manages to render Secure Boot ineffective on a target device they could load malware on it and do all sorts of harm, likely without the victim ever noticing. “If you are, then this is a flawless real world example about why your idea of backdooring cryptosystems with a ‘secure golden key’ is very bad!” the researchers explained in their highly technical write-up.
As for fixing the problem, there are limitations.
The tech giant is desperately trying to patch this vulnerability, but some hackers say it’s impossible for Microsoft to invalidate the leaked keys. The revocation list is checked only after policies are loaded, so the July patch is not a complete fix – it’s at most a small roadblock. A third patch is expected to come out in September.
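The ordering problem described above (a revocation list consulted only after a policy has already been loaded, and a supplemental policy carrying no DeviceID binding) is easiest to see in a small model. The following Python is an added illustration written for this article; it is not Microsoft’s firmware code and does not reproduce the real Secure Boot policy format. The HMAC “signing key”, the `Policy` and `Firmware` classes, the device identifier and the return strings are all constructed for the demonstration. The flawed loader applies the policy before checking revocation, so a revoked policy still takes effect; the corrected loader checks signature, revocation and device binding before changing any firmware state.

```python
"""Simplified model of Secure Boot policy activation order (constructed example).

Shows why a revocation check that runs after a policy has been applied does not
prevent a revoked policy from taking effect, and why an unbound (no DeviceID)
policy should be rejected outright.
"""
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed secret standing in for the production signing key (assumption:
# a real policy would carry an asymmetric signature, not an HMAC).
_SIGNING_KEY = b"constructed-demo-signing-key"


def sign(payload: bytes) -> str:
    """Toy signature over the policy payload."""
    return hmac.new(_SIGNING_KEY, payload, hashlib.sha256).hexdigest()


@dataclass
class Policy:
    name: str
    device_id: Optional[str]   # None models a supplemental policy with no DeviceID
    test_signing: bool         # True enables loading of unsigned binaries
    signature: str = ""

    def payload(self) -> bytes:
        return f"{self.name}|{self.device_id}|{self.test_signing}".encode()


def make_signed_policy(name: str, device_id: Optional[str], test_signing: bool) -> Policy:
    policy = Policy(name, device_id, test_signing)
    policy.signature = sign(policy.payload())
    return policy


def policy_hash(policy: Policy) -> str:
    """Identifier used by the revocation list (hash of the signed payload)."""
    return hashlib.sha256(policy.payload()).hexdigest()


@dataclass
class Firmware:
    device_id: str
    revoked: set = field(default_factory=set)   # hashes of revoked policies
    test_signing: bool = False                  # current Secure Boot state


def activate_flawed(fw: Firmware, policy: Policy) -> str:
    """Flawed ordering: the policy is applied, then the revocation list is consulted."""
    if not hmac.compare_digest(policy.signature, sign(policy.payload())):
        return "rejected: bad signature"
    # A policy with no DeviceID is accepted for any device.
    if policy.device_id is not None and policy.device_id != fw.device_id:
        return "rejected: wrong device"
    fw.test_signing = policy.test_signing     # state already changed here
    if policy_hash(policy) in fw.revoked:
        return "revoked (but already applied)"
    return "active"


def activate_fixed(fw: Firmware, policy: Policy) -> str:
    """Corrected ordering: every check runs before any firmware state changes."""
    if not hmac.compare_digest(policy.signature, sign(policy.payload())):
        return "rejected: bad signature"
    if policy_hash(policy) in fw.revoked:
        return "rejected: revoked"
    # Require an explicit binding to this device; unbound policies are refused.
    if policy.device_id != fw.device_id:
        return "rejected: not bound to this device"
    fw.test_signing = policy.test_signing
    return "active"


if __name__ == "__main__":
    supplemental = make_signed_policy("supplemental", None, True)
    fw = Firmware(device_id="DEVICE-A", revoked={policy_hash(supplemental)})
    print("flawed:", activate_flawed(fw, supplemental), "test_signing =", fw.test_signing)
    fw = Firmware(device_id="DEVICE-A", revoked={policy_hash(supplemental)})
    print("fixed: ", activate_fixed(fw, supplemental), "test_signing =", fw.test_signing)
```

Running the block shows the flawed loader reporting the policy as revoked while `test_signing` is already `True`, whereas the corrected loader leaves the firmware untouched. The same structure applies to any allow-list or revocation mechanism: the check must gate the state change, not follow it.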
The issue remains only partially addressed, and what’s worse, it is believed that Microsoft can’t fully revoke the leaked policies.
This puts users in a precarious position. Security experts have pushed back on the demands because backdoors inevitably jeopardize the security of every user. If the golden keys were to leak out, any device could be unlocked by malicious actors. The second is that a fix is not always available.
While Secure Boot cannot be used to access conversations or hijack systems, this leak highlights the risk of backdoor keys.
Worse still, it was “Microsoft’s own stupidity” in the implementation that made the leak possible. Should the Federal Bureau of Investigation or similar agencies demand that other technology companies create a secure golden key to subvert secure encryption systems, they open the field for those back doors to be exploited as well.