Stories
Slash Boxes
Comments

SoylentNews is people

posted by martyb on Wednesday August 10 2016, @11:51PM   Printer-friendly
from the key-mistake dept.

Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder.

These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android.

What's more, it is believed it will be impossible for Microsoft to fully revoke the leaked keys.

And perhaps most importantly: it is a reminder that demands by politicians and crimefighters for special keys, which can be used by investigators to unlock devices in criminal cases, will inevitably jeopardize the security of everyone.

Microsoft's misstep was uncovered by two researchers, MY123 and Slipstream, who documented their findings here in a demoscene-themed writeup published on Tuesday. Slip believes Microsoft will find it impossible to undo its leak.

[Continues...]

[...] People are particularly keen to unlock their ARM-powered Surface fondleslabs and install a new operating system because Microsoft has all but abandoned the platform. Windows RT is essentially Windows 8.x ported to 32-bit ARMv7-compatible processors, and Microsoft has stopped developing it. Mainstream support for Surface RT tabs runs out in 2017 and Windows RT 8.1 in 2018.

A policy similar to the leaked debug-mode policy can be used to unlock Windows Phone handsets, too, so alternative operating systems can be installed. A policy provision tool for Windows Phone is already available. We expect to hear more about that soon.

[...] The Secure Boot policies Microsoft is rushing to revoke can't be used to backdoor conversations or remotely hijack systems, but they remind us that this kind of information rarely stays secret.

"This is a perfect real world example about why your idea of backdooring cryptosystems with a 'secure golden key' is very bad," Slipstream wrote, addressing the FBI in particular.

"Smarter people than me have been telling this to you for so long. It seems you have your fingers in your ears. You seriously don't understand still? Microsoft implemented a 'secure golden key' system. And the golden keys got released by Microsoft's own stupidity. Now, what happens if you tell everyone to make a 'secure golden key' system?"

The article goes into considerable background on the leaked keys and how you can use them to circumvent Secure Boot. Happy hacking to anyone who has (or can get a good deal on) a Windows RT tablet!


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by physicsmajor on Thursday August 11 2016, @03:39AM

    by physicsmajor (1471) on Thursday August 11 2016, @03:39AM (#386499)

    Neither the summary, nor the official release of the golden key, nor the Register actually specify if this applies to just the original, first-gen Surface RT or both that and the Surface RT 2. The 2nd gen has a lot better screen, which would be my preference.

    Seems like they are locked the same way so I'd expect so, but can anyone confirm? I don't want to spend $$ even for a gently used MS product unless I know with certainty it'll be under my full control.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 1) by redneckmother on Thursday August 11 2016, @06:45AM

    by redneckmother (3597) on Thursday August 11 2016, @06:45AM (#386537)

    I don't want to spend $$ even for a gently used MS product unless I know with certainty it'll be under my full control.

    ProTip: If it's an MS product, it ain't under YOUR control.

    --
    Mas cerveza por favor.