Windows Secure Boot design flaw exposed
Wed 10 Aug 2016
A design flaw in Windows Secure Boot has been exposed, allowing users to unlock formerly locked devices. The researchers who discovered the leak say that this is proof that encryption back doors can be exploited, and that the ‘golden key’ that governments and criminal investigators have demanded of tech companies jeopardizes the security of all users.
Many Windows devices that use Secure Boot are locked down, and their operating systems cannot be changed even by a user with Administrator rights to the device. Using the golden key, however, Windows operating systems may be erased from locked devices, allowing them to run an alternate OS such as Linux or Android.
Two researchers going by the hacker names my123 and Slipstream uncovered the flaw and reported their findings in a written release.
While a device boots, Secure Boot runs a check to ensure that the operating system is from a trusted source. In the case of locked devices, including Windows-based smartphones and tablets, that trusted source is exclusively Microsoft. This was intended to prevent rootkit malware from being installed on the device.
However, a developer mode was created that allows a user to turn the Secure Boot system off. my123 and Slipstream were able to exploit a flaw in Secure Boot, using the developer disable function to create a skeleton key that would allow any locked device to be unlocked by any user.
A golden key is one of the demands of governmental agencies that are looking for a backdoor into encrypted systems, one that would allow access in certain situations, for example during a criminal investigation.
In a section of their release of findings entitled ‘about the FBI’, Slipstream and my123 wrote, “This is a perfect real-world example about why your idea of backdooring cryptosystems with a ‘secure golden key’ is very bad!” In this example, Microsoft implemented a ‘secure golden key’ system, which was then unintentionally released to the world. Should the FBI or similar agencies demand that other technology companies create a secure golden key to subvert secure encryption systems, they open the field for those back doors to be exploited as well.