Leak leaves ev­ery Se­cure Boot de­vice vul­ner­a­ble


Mi­crosoft loses its Se­cure Boot mas­ter key, Face­book fights Adblock and Kaby Lake chips trickle out.

TWO “RE­SEARCHERS” go­ing by the monikers “MY123” and “slip­stream” have re­vealed on their blog a fairly mon­u­men­tal hole in the Win­dows Se­cure Boot process—a so-called golden key. This “key” has the po­ten­tial to be able to un­lock ev­ery Se­cure Boot Win­dows de­vice to al­low the in­stal­la­tion of other op­er­at­ing sys­tems.

Dur­ing boot­ing, Win­dows uses Se­cure Boot to check that the op­er­at­ing sys­tem has a Mi­crosoft cer­tifi­cate and the right poli­cies. The Se­cure Boot Pol­icy is nor­mally only ac­ces­si­ble by Boot Man­ager. Dur­ing the de­vel­op­ment of Win­dows 10, a new pol­icy was added, to ease test­ing and de­bug­ging, which has its set­tings merged in, de­pend­ing on con­di­tions. This pol­icy was shipped with re­tail Win­dows ver­sions—ac­ci­den­tally, we as­sume—sit­ting dor­mant in a hid­den file. It’s knowl­edge of this new pol­icy that has been leaked.

By edit­ing the new pol­icy, you can by­pass cer­tifi­cate check­ing, ef­fec­tively un­lock­ing a ma­chine to other OSes and the in­stal­la­tion of po­ten­tially ma­li­cious soft­ware deep down in the in­nards of Win­dows, where it can live un­chal­lenged. That’s the scary part. The fun part is that you can in­stall a new OS on a ma­chine oth­er­wise locked to Win­dows, such as a Win­dows Phone, RT tablet, or HoloLens. Win­dows PCs and servers are gen­er­ally not locked by Se­cure Boot.

The bug was re­ported to Mi­crosoft in March—it even paid a bug bounty. Now the is­sue is out in the open, and it’s all rather em­bar­rass­ing for Mi­crosoft. The com­pany has mil­lions of sys­tems, and a sin­gle key now un­locks them all. It promptly re­leased a se­cu­rity patch, which proved in­ef­fec­tive; an­other soon fol­lowed, and an­other af­ter that. A clear sign that it is strug­gling to fix this. Given how close to the boot this vul­ner­a­bil­ity op­er­ates, it’s go­ing to be im­pos­si­ble to fix prop­erly—the patches ad­dress things af­ter the pol­icy has fired up, so can be by­passed.

It looks as though the prob­lem will never go away. With­out phys­i­cal ac­cess to a ma­chine, it’s next to im­pos­si­ble to fix the is­sue, and once some­thing is leaked on to the In­ter­net, it is im­pos­si­ble to get rid of it—just ask Jen­nifer Lawrence.

Se­cu­rity ex­perts have lined up to be­rate Mi­crosoft, point­ing out that any se­cu­rity sys­tem that re­lies on peo­ple, re­lies on the fal­li­ble. The sim­ple ex­is­tence of any such back­door key is a huge risk. The pair that have high­lighted the flaw had a per­sonal mes­sage for the FBI, who re­cently asked Ap­ple to in­clude back­doors in its sys­tems, af­ter hav­ing trou­ble get­ting into a sus­pect’s iPhone. The blog­gers say that “this is a per­fect real-world ex­am­ple about why your idea of back­door­ing cryp­tosys­tems with a ‘ se­cure golden key’ is very bad!”

De­spite gen­er­at­ing some alarm­ing head­lines— and caus­ing red faces at Red­mond—it’s not as se­ri­ous as it might sound. Ma­li­cious uses of the so-called golden key are thank­fully fairly un­likely, be­cause you need phys­i­cal ac­cess to the ma­chine, ad­min­is­tra­tion rights, and to do some low-level tinker­ing. What it does high­light is the wis­dom of build­ing back­door into any sys­tem where se­cu­rity is para­mount. Slip­stream is right on that count. Mean­while, if you have a ma­chine locked to Win­dows that you would like to run some­thing else on, you can. All those Win­dows phones can be re­cy­cled.

Mi­crosoft has mil­lions of sys­tems, and a sin­gle key now un­locks them all.

The StarWars-style blog that re­veals how Mi­crosoft left the key to Se­cure Boot in the re­tail ver­sion of Win­dows.

Newspapers in English

Newspapers from Australia

© PressReader. All rights reserved.