The idea of a universal backdoor to devices has been an issue of debate for a few years now, coming into public focus during Apple’s fight with the FBI over the San Bernardino shooter’s iPhone. The backlash to the idea of "golden keys" is the potential – according to many, the inevitability – that such keys will be discovered by bad actors seeking entry to devices for malicious purposes.
We’re seeing that very scenario play out with the leak of Microsoft’s key to Secure Boot, which has now compromised all Windows devices. Fortunately for Microsoft, the keys were discovered not by a hacker, but by security researchers MY123 and Slipstream, who published a complete description of the vulnerability as well as Microsoft’s (ostensibly poor) response to the problem when the issue was raised. It's not a disaster, but the leak still has some far-reaching implications.
What is Secure Boot?
According to Microsoft’s TechNet blog, “Secure Boot is a feature of UEFI (Unified Extensible Firmware Interface) that ensures that each component loaded during the boot process is digitally signed and validated. Secure boot makes sure that your PC boots using only software that is trusted by the PC manufacturer or the user.” It prevents devices running Windows 8.1 or above to be loaded with malicious versions of the operating system.
How the Leak Happened
The usual focus when security backdoor issues arise is on government surveillance or anti-terrorism efforts, but Microsoft’s key was the result of something much more mundane: the key is an accidental remnant from the operating system’s development, a convenience used by engineers during the debugging process.
According to ExtremeTech, “Microsoft created an internal debugging tool, probably so that its own developers didn’t have to sign every single OS build before installing and testing it. That policy accidentally shipped out on customer hardware, which means it can be recovered and retrieved by hackers and black hats.” As to be expected in such situations, the mistake has not gone overlooked and the key itself was made available online.
According to MY123 and Slipstream, Microsoft dragged its feet in response to the problem, initially dismissing it as a non-issue before finally admitting the bug. They have since released two software patches - MS16-094 and MS16-100 – and plan to add a third soon. However, Ars Technica reports that none of these patches will be able to completely solve the issue, “and there's a distinct possibility that the hole opened by the golden keys may not be truly closable.”
Consequences of the Leak
With Secure Boot compromised, people can now bypass Microsoft’s security restrictions on devices that would normally be protected – computers, phones, tablets - and install any operating system they choose, including malicious versions of Windows.
The leak has also reignited the discussion over golden keys, as many claim this as a prime example of what will happen if governments are given this sort of access to devices. As described in detail by Apple’s “Message to Our Customers” in the wake of the San Bernardino attack, they believe that no universal backdoor can be protected.
What This Means for You
This leak will probably not affect the average person very much, because devices would need to be physically accessed for the key to be used and malicious software to be installed. Unless you are a high-profile target for theft – for instance, if you own a company laptop with sensitive and valuable information - then there is probably not too much to worry about. And if your laptop is stolen, then you’re already in trouble.
The real, bigger issue is the inherent inevitability of golden keys’ discovery. The history of such measures is filled with exposed information, stolen data, and the breakdown of countermeasures. Microsoft might not lose much from this leak, but this just serves as more evidence that backdoors can always be found, and devices with them installed will always be vulnerable to attack.
Written by Luke Robbins