Researchers crack leaked Microsoft’s Golden Key unlocking Secure Boot feature in Windows devices
Microsoft has been advocating against the United States government and FBI’s request for “Golden Key” backdoors allowing authorities to bypass security. However, it seems that the company itself forgot to keep its own keys to Windows tablets, phones, HoloLens and other devices using UEFI Secure Boot safe and secure.
Researchers who uncovered a security key says that this particular key protects Windows devices as they boot up say their discovery is proof that encryption backdoors do not work. Theoretically, the researchers can gain entrance to any Windows device in the world. Similarly, the keys will allow Windows users to install any OS of their choice on Windows devices.
Secure Boot is a built into the firmware of computer or the software as the case may be, allowing the computer/software to make failsafe checks before booting. Microsoft built Secure Boot to handle different types of malware specifically the rootkit malware which even antivirus tools can’t identify. If Microsoft’s Secure Boot detects tampered files or rootkit malware, it refuses to let the OS boot.
Most systems let users turn Secure Boot on and off. Certain systems, including some tablets and phones, do not. Devices that cannot disable Secure Boot can never install competing operating systems.
Security researchers MY123 and Slipstream published a detailed explanation of how Microsoft kept its security keys in open, and then failed to correctly patch for the issue, resulting in an ongoing issue that “may not be possible to fully resolve.”
“A backdoor,” the researchers noted, “which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere!”
The leaked Golden Key’s allows any person the ability to bypass Windows Secure Boot using the profiles Microsoft made public. The key not only allows hackers to replace Windows OS with something else such as Linux, but also “permits the installation and execution of bootkit and rootkits at the deepest level of the device.”
“Microsoft implemented a ‘secure golden key’ system. And the golden keys got released from [Microsoft’s] own stupidity,” wrote the researchers in their report, in a section addressed by name to the FBI.
“Now, what happens if you tell everyone to make a ‘secure golden key’ system? Hopefully you can add 2+2.”