This week, Microsoft pretty much lost their lock pick. Security circles have described the incident as the loss of a golden key. Yes, it’s as if Microsoft has lost a precious magic key. But it really isn’t so much a key as it is a lock pick. It’s a kind of backdoor, if you will.
On some Windows devices, including Windows-powered tablets and phones, a security mechanism called Secure Boot provides assurance that your hardware is booting up legitimate software. It’s designed to prevent malware from getting in to replace critical components in the pre-boot stages, before even your antivirus software can do its work properly and reliably.
Microsoft blogged a general introduction to Secure Boot, in case you wonder what it is. Basically, Secure Boot ensures that you can only boot up an operating system that has been cryptographically signed by Microsoft. One component of Secure Boot is its policies, which are rules obeyed during the boot process. These policies, like drivers and other operating system components, are cryptographically signed.
Microsoft’s epic bungle isn’t so much that they lost their keys. Instead, Microsoft has accidentally shipped a debug-mode policy on some retail devices. This debug-mode policy, or the golden key policy, is apparently designed for internal debugging purposes, and it allows OS signature checks to be bypassed, enabling programmers to easily test new builds. It was for convenience.
In essence, Microsoft has created a backdoor, and then accidentally released it.
The debug-mode policy ended up in retail devices. You didn’t need to hack anything. You didn’t need to go to Microsoft’s offices to steal anything. You simply needed to go get a copy from a retail store.
It’s a timely reminder that backdoors are a bad idea. Recall the battle between Apple and the FBI over the San Bernardino iPhone. The FBI wanted Apple to create a backdoor.
Secure Boot is nice. A backdoor in it is no good, but perhaps still better than not having Secure Boot in the first place. That’s provided you understand the full repercussions of the backdoor, and in reality, you might ultimately conclude that it’s as good as not having Secure Boot to begin with.
To be clear, Microsoft did not actually lose any key, even though everyone seems to want to refer to it as a key. Losing a key is indeed also a serious problem that would defeat the purpose of Secure Boot, but that’s not the case here. Instead, Microsoft has created a backdoor, and then misplaced the backdoor, making it publicly available. They’ve created a lock pick to open their locks, and then given away the lock pick.
Why did they even do it in the first place?