Log­ging Off

Micro Mart - - App Of The Week - Mark Pick­a­vance

Reg­u­lar Mi­cro Mart read­ers may have come across cov­er­age of Se­cure Boot on the PC from time-to-time – but not of­ten in a des­per­ately pos­i­tive way. Hailed as a way to make PCs more se­cure (by mak­ing it more dif­fi­cult from mal­ware to re­code its BIOS) this Tro­jan stal­lion of the software world ac­tu­ally seemed to be more about em­pow­er­ing hard­ware mak­ers with a way to en­sure con­sumers could only run the OS orig­i­nally sup­plied with a sys­tem. Mi­crosoft’s sticky paws were all over the code sign­ing sys­tem for Se­cure Boot, so it wasn’t a huge sur­prise that one of its pri­mary ob­jec­tives ap­peared to be stop­ping users leav­ing the Win­dows camp. From Win­dows 8 on­wards, PC mak­ers could only sup­ply the OS on sys­tems where Se­cure Boot was ac­tive – even though most pro­vide their BIOS with a legacy mode. How­ever, what it then wanted to do with Win­dows 10 was to ban­ish the legacy modes, forc­ing a PC to only have the life­span of the OS you bought it with, con­ve­niently. That plan has taken a ma­jor kick­ing re­cently, but not be­cause of the many ob­jec­tions that var­i­ous par­ties have to Se­cure Boot. In­stead, the steel toe-cap has been swung by the leak­ing of a ‘golden key’ by some­one at Mi­crosoft, which has ut­terly borked the whole sys­tem. You see, when Mi­crosoft de­signed a back­door into its sup­pos­edly im­pen­e­tra­ble code fortress, it did so with the idea that only its staff could al­ter it. How­ever, now the key the staff use to make changes is out in the wild, any­one with it can in­stall any­thing on a PC’s firmware – even with Se­cure Boot en­abled – be­cause they will get to sign their own se­cu­rity keys. That Mi­crosoft would do some­thing so mon­u­men­tally dumb isn’t, at least for this writer, that much of a sur­prise that it’s wor­thy of writ­ing a whole Log­ging Off about. What’s re­ally im­por­tant here is moral this sorry tale can teach those in the se­cu­rity sec­tor who have been ped­dling the idea that en­cryp­tion should have back­doors for those wear­ing the white cowboy hats. It’s a mon­u­men­tally stupid no­tion that would in­evitably end up mak­ing se­cu­rity pro­tec­tion to­tally worth­less. Any­one wan­der­ing around a me­dieval fortress that’s re­motely in­tact soon re­alises that cas­tles, as a gen­eral rule, don’t have back­doors. They don’t have them be­cause those who built them re­alised that, as se­cret as they might be, when a cas­tle is be­sieged

some­one will re­veal it to save their life – or those that they care for. If a cas­tle does have a se­cret exit, it’s usu­ally one that couldn’t be prac­ti­cally used to storm it, be­cause it ex­its un­der­wa­ter, or is re­mark­ably nar­row and eas­ily de­fended.

It’s in this prac­ti­cal think­ing where Se­cure Boot en­tirely failed: hav­ing cre­ated a back­door to its fortress, Mi­crosoft can’t sim­ply change the key on all the com­put­ers that use it now it has been re­vealed – at least not with­out break­ing all man­ner of other things in the process.

If there are peo­ple in the FBI, CIA or the US Congress who think plac­ing back­doors into things that are sup­pos­edly se­cure is such a good idea, then they should re­search Se­cure Boot. While they’re ad­mir­ing that mess, they also might want to peek at the ma­jor headache VW self-in­flicted re­cently, when its global master code for elec­tron­i­cally un­lock­ing keys es­caped into the wild, ex­pos­ing 100 mil­lion cars to be­ing stolen, or stolen from, at will.

As I’m sure those in the crim­i­nal fra­ter­nity might agree, back­doors are the gift that just keep on giv­ing!

Newspapers in English

Newspapers from UK

© PressReader. All rights reserved.