Apple’s refusal to comply with a court order to help the FBI crack an iPhone highlighted the pressure tech companies face to include backdoors in their software. This “new crypto war” pits public safety concerns against the argument that backdoors and robust security are mutually exclusive. A seemingly innocuous Windows feature designed to protect users underscores that point.
Two hackers published evidence on Tuesday showing that attackers can exploit a feature called Secure Boot and install the type of malicious software the feature was created to protect against. “You can see the irony,” the researchers, known by the handles Slipstream and MY123, wrote.
Secure Boot, which first appeared in Windows 8, bars computers from loading malware by confirming that software coordinating the operating system launch is trusted and verified. This ensures a computer isn’t tricked by a malicious program that then assumes control. Microsoft included a workaround so developers could test their software without fully validating it. It was never meant for hackers or police, but it is a backdoor just the same. And the keys leaked online.
Secure Boot runs by default on PCs, but users can disable it. It also runs on devices that use Windows RT and Windows Phone, where it can’t be shut off. Microsoft released a patch in July and another this week. In a statement, the company said the exploit places only tablets and Windows Phones at risk, because most people using Windows servers and business PCs disable Secure Boot. Furthermore, an attacker needs deep access to individual mobile units to exploit the vulnerability.
Nonetheless, the patches appear to simply make the backdoor harder to exploit. The company’s approach to solving this problem is to blacklist affected boot managers, but Slipstream and MY123 argue that isn’t feasible. “It’d be impossible in practice for MS to revoke every bootmgr earlier than a certain point, as they’d …