Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open
Microsoft quiet as researchers spot debug mode flaw that bypasses OS checks.
The keys have been released on the AWESOME website: https://rol.im/securegoldenkeyboot/
The researchers note that this snafu is a real-world demonstration of the lack of wisdom in the FBI's recent demands for universal backdoors in Apple's devices. They wrote:
"A backdoor, which MS put in to Secure Boot because they decided to not let the user turn it off in certain devices, allows for Secure Boot to be disabled everywhere! You can see the irony. Also the irony in that MS themselves provided us several nice "golden keys" (as the FBI would say) 😉 for us to use for that purpose 🙂
About the FBI: are you reading this? If you are, then this is a perfect real world example about why your idea of backdooring cryptosystems with a "secure golden key" is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears.
You seriously don't understand still? Microsoft implemented a "secure golden key" system. And the golden keys got released from MS['s] own stupidity. Now, what happens if you tell everyone to make a "secure golden key" system? Hopefully you can add 2+2…"
The researchers seem to have found the golden key bundled in dormant form on retail devices, left in as a debugging tool by accident. Now apparently available online, it should allow any user to turn off Secure Boot.
Have a comment?