Microsoft Leaks Backdoor Keys To UEFI Secure Boot

Megalith

Megalith

24-bit/48kHz
Staff member
Joined
Aug 20, 2006
Messages
13,000
Microsoft has shown why backdoors may be a bad idea after accidentally shipping its “golden keys” to Secure Boot, which would allow someone to unlock any Windows device protected by the feature and run any OS they wish—or, for the more nefarious, bootkits/rootkits at the deepest level. Microsoft has responded, claiming that desktop or enterprise systems are not affected.

Microsoft's Secure Boot is part of the Unified Extensible Firmware Interface (UEFI) firmware which is meant to ensure each component of the system boot process is signed and validated. When Secure Boot is fully enabled, it also prevents users from booting up other operating systems which take their fancy. In addition, there are specific systems and devices -- such as Windows RT and Windows Phone -- where Secure Boot cannot otherwise be disabled by the user. Secure Boot works in tandem with particular policies which are read and obeyed by Windows boot manager. For testing and tweaking purposes, Microsoft has one particular boot policy which loads early on and disables operating system checks.
 
Personally, I consider this to be a good thing -- as Secure Boot primarily helps to lock down devices and make it more difficult to install your own operating systems and applications on them (e.g. this makes it much easier to be able to blow away the Windows RT crap on the original Surface and load a decent ARM based version of Linux).
 
Sadly it now means that companies relying on Microsoft security (yes guys it is a good laugh) now can say goodbye to a feature which would have useful to keep most script kiddies out.
"Anyone" can now put bad code anywhere without the OS saying that it is not signed. Back to square one for MS security :)
 
This update from Microsoft came shortly after this news from a few days ago:

"The jailbreak technique described in the researchers' report on August 10 does not apply to desktop or enterprise PC systems. It requires physical access and administrator rights to ARM and RT devices and does not compromise encryption protections."
Click to expand...

RT running on ARM with physical access to the machine.

While it's an issue, it doesn't seem like it affects too many machines (Windows RT is dead these days, anyway). I think it's a good thing and should open things a bit on the RT side of things, which a lot of people were asking for...
 
Military intelligence, Microsoft security, Windows RT.

Three things that that never go together.
 
Jim Kim said:
Military intelligence, Microsoft security, Windows RT.

Three things that that never go together.
Click to expand...

Ten years ago I think this would have been funnier. Considering the regularity in which all types of systems are being compromised by all kinds of methods, the only things unhackable are the ones no one has tried to hack.
 
You still need physical access to the machine and you have to login and execute the patch. If someone can log into your box and has admin your rights, you're fucking owned regardless. I hate MS as much as anyone, but this is unfair. Unless you understand exactly whats involved, stop throwing shit at MS.

I have an RT and was able to apply this backdoor and it works. The problem is there still is no Linux distro compiled for it. Wish Microsoft would just open the thing up since its dead to them anyways.
 
You must log in or register to reply here.
Back
Top