
Microsoft accidentally leaks golden keys that unlock every Windows device


4 replies to this topic

#1 JohnC_21


Posted 11 August 2016 - 11:07 AM

Microsoft accidentally leaked the golden keys to the Windows kingdom. The keys allow hackers to unlock every Windows device, including tablets, phones and other devices that are protected by Secure Boot. The most alarming part about the leak is that it is believed that it may likely be impossible for Microsoft to fully recover from the leak.

The leak was uncovered by two security researchers, MY123 and Slipstream, who revealed in a (Star Wars-style) blog that the security flaw allowed malicious entities with admin rights or physical access to a device to bypass Secure Boot to not only run other operating systems (OS) like Linux or Android on the device but also install and execute rootkits and bootkits, at the most deeply penetrated level of the device.

The researchers wrote: "A backdoor, which MS put in to secure boot because they decided to not let the user turn it off in certain devices, allows for secure boot to be disabled everywhere! You can see the irony. Also the irony in that MS themselves provided us several nice 'golden keys' (as the FBI would say) for us to use for that purpose."

Article

 

Note: Physical Access is needed.


Edited by JohnC_21, 11 August 2016 - 11:09 AM.




#2 ScathEnfys


Posted 11 August 2016 - 11:17 AM

Note: Physical Access is needed.

In that case, I'm not particularly worried. A physical access requirement is pretty much a show-stopper unless "physical access" can be replaced with a social engineering technique to get an employee to insert physical media into the PC.
Proud system builder, modder, and watercooler.


#3 JohnC_21


Posted 11 August 2016 - 11:32 AM

It should make it possible to install a different OS on a device that Microsoft locks out using SecureBoot that cannot be disabled. Maybe that's a good thing.


Edited by JohnC_21, 11 August 2016 - 11:32 AM.


#4 rp88


Posted 12 August 2016 - 03:54 PM

Overall, given that anyone relying on secureboot for protection is still totally undefended from ransomware, trojans, keylogging, the reading and editing of any file on their system... I would say this is a good thing not a bad one. It will let people with locked devices boot other operating systems if they want to, I think compared to the small badness of the security risk this goodness outweighs it. Secureboot is a line of defence so far back it is behind everything that matters, all it can do is slightly mitigate the damage in the case of attackers trying to make it harder to reset the infected machine to a pre-infected state, secureboot does nothing to stop infection or limit the damage infections can do in terms of things like damaging or deleting data.
Back on this site, for a while anyway, been so busy the last year.

My systems: 2 laptops, Intel i3 processors, Windows 8.1 installed on the hard drive and Linux Mint 17.3 MATE installed to USB

#5 Gorbulan


Posted 12 August 2016 - 04:28 PM

It should make it possible to install a different OS on a device that Microsoft locks out using SecureBoot that cannot be disabled. Maybe that's a good thing.

 

Indeed. I am not a big fan of SecureBoot. 





