Researchers crack Microsoft feature, say encryption backdoors similarly crackable


Researchers crack Microsoft feature, say encryption backdoors similarly crackable Researchers who uncovered a security key that protects Windows devices as they boot up say their discovery is proof that encryption backdoors do not work. “This is a perfect real world example about why your idea of backdooring cryptosystems with a ‘secure golden key’ is very bad! Smarter people than me have been telling this to you for so long, it seems you have your fingers in your ears,” writes Slipstream in the report. The pair of researchers, credited by their hacker nicknames MY123 and Slipstream, found the cryptographic key protecting a feature called Secure Boot. They believe the discovery highlights a problem with requests law enforcement officials have made for technology companies to provide police with some form of access to otherwise virtually unbreakable encryption that might be used by criminals. “Microsoft implemented a ‘secure golden key’ system. And the golden keys got released from [Microsoft's] own stupidity,” wrote the researchers in their report, in a section addressed by name to the FBI. There appears to have been a mode set up for developers to disable the keys being checked. MY123 and Slipstream were able to exploit a design flaw in the system to steal the keys to the mode that disables the keys. The pair notified Microsoft of the design flaw, and Microsoft has made a few patch attempts to fix it. But the patches, writes Slipstream, have not worked. But the keys' release is nonetheless cause for celebration for many Microsoft device owners. The phones and tablets that could not turn off Secure Boot before now have the ability to do so, which means people who had no ability to change operating systems on their tablets now have that ability. See http://ift.tt/2aRz4j1

Comments