Researchers Crack Microsoft Feature, Say Encryption Backdoors Similarly Crackable

An anonymous reader writes: Researchers who uncovered a security key that protects Windows devices as they boot up say their discovery is proof that encryption backdoors do not work. The pair of researchers, credited by their hacker nicknames MY123 and Slipstream, found the cryptographic key protecting a feature called Secure Boot. They believe the discovery highlights a problem with requests law enforcement officials have made for technology companies to provide police with some form of access to otherwise virtually unbreakable encryption that might be used by criminals. "Microsoft implemented a 'secure golden key' system. And the golden keys got released from [Microsoft's] own stupidity," wrote the researchers in their report, in a section addressed by name to the FBI.

proof that encryption backdoors do not work

proof that [anything developed by Microsoft does] not work.

FTFY.

Re: proof that encryption backdoors do not work

Maybe they shouldn't have emailed the key to Hillary?

Re: proof that encryption backdoors do not work

The Russian hackers would have posted it to Wikileaks anyway.

Re: proof that encryption backdoors do not work

When's the last time YOU did any work?

Dear God

[TechyImmigrant]

That web site is annoying. 8 bit game music and the text jitters.

Re:Dear God

That's a long way to say "What's NoScript?"

Re:Dear God

[awfar]

Haha, I thought it annoying but hilarious, going way, way back to the demo days. Good show.

Re:Dear God

[number6x]

Very 1980's. Reminds me of the computer demo scene.

Re:Dear God

[TechyImmigrant]

I solved my problem using copy and paste.
 

Re:Dear God

I liked the starfield and the music, but could not read because of the jumping text.

Anyway, after the text loaded (i.e. it start jumping) put "javacript:function doTextEffects(){}" without the quotes into the addressbar. It re-defines the function responsible for jumping with an empty one.

Re:Dear God

[gweihir]

It is also mostly text. Copy & paste into text-editor and read without the hassle.

"Crack Microsoft Feature"

[Ukab+the+Great]

When will the folks in Redmond put down the pipes?

Re:"Crack Microsoft Feature"

[geek]

When will the folks in Redmond put down the pipes?

You laugh but it's a bit ironic. This wasn't a crack, it was a leak. MS actually gave everyone the fucking keys. This is great for me though, I spent 4 hours yesterday telling everyone at work that Microsoft is just as fucked on security today as they were 20 years ago. Then this happens and I'm totally vindicated.

Re:"Crack Microsoft Feature"

[pr0fessor]

They locked the door but left the windows open....

Re:"Crack Microsoft Feature"

[drinkypoo]

I don't know many folks with the courage to take the position that Microsoft products might be insecure.
Way to go out on a limb and still manage to come up totally vindicated!

You were aiming for funny, but what you actually got was chilling, because in fact that is a courageous position in many boardrooms and meeting halls across the country. It is, as usual, due to cognitive dissonance. People who think they are big swinging dicks because of their corporate position believe that Microsoft must be the ultimate cocksman because of its lofty position atop the market. In order to accept that Microsoft might actually be incompetent in spite of their market dominance, they have to accept that they might actually be incompetent in spite of their dominance of their fellow employee. This will never happen, so they will argue to the end that dominance equals competence. When something bad happens to Microsoft it's someone else's fault, just as when they make a mistake it's someone else's fault. They don't just pin the blame on someone else to avoid punishment — they pin the blame on someone else to avoid enlightenment.

Re:"Crack Microsoft Feature"

[RockDoctor]

They locked the nag's bridle and forgot the chastity belt?

Unbelievably obnoxious fucking article

Rotating golden key, moving starfield and crappy text. Virtually unreadable article. WTF?

Re:Unbelievably obnoxious fucking article

[OrangeTide]

I sure do miss GeoCities and MySpace.

Re:Unbelievably obnoxious fucking article

[drinkypoo]

Rotating golden key, moving starfield and crappy text. Virtually unreadable article. WTF?

All I see is some monospace white on black with blue links, and I could change that to white on black if I had hacktheweb installed. Maybe you should work on this how to internet thing.

Working as Designed!

Oh it works, just not they way people who are concerned with privacy want it to.

Microsoft; Secure? Bwahahaha!

[UnknownSoldier]

Their security has a been a joke for *decades*.

Re:Microsoft; Secure? Bwahahaha!

[clubby]

That implies that it was once respected. I think it's more accurate to say that their security has *always* been a joke.

Re:Microsoft; Secure? Bwahahaha!

[UnknownSoldier]

I stand corrected. :-)

That "Microsoft Feature" is Secure Boot

Microsoft made a signed policy file which can be used with a Microsoft signed UEFI boot loader to turn off Secure Boot, and accidentally (?) published that policy with the Windows 10 anniversary update. Using this policy, Secure Boot can even be disabled on systems that won't allow the owner to disable it. And of course, this can be used to turn off Secure Boot remotely, so basically Microsoft eradicated any benefit that Secure Boot might have had. Now it's just annoying.

Re:That "Microsoft Feature" is Secure Boot

[AmiMoJo]

An update has appeared that claims to fix this issue (KB3172729). Presumably they have revoked that key and replaced it with a new one.

This isn't really an issue with backdoors though, it's just an issue with public key crypto in general. You have to protect the private key, and not accidentally leak it. And to be fair to Microsoft, they aren't the only ones. Apple leaked the private key for their firmware updates, allowing you to create an undetectable rootkit that lived in, say, the battery firmware and which could not be removed by a full HDD wipe. And Github regularly scans for people accidentally posting their private keys when they commit code.

Re:That "Microsoft Feature" is Secure Boot

The updates that claim to fix the issue just make it harder (not impossible!) to use the policy.

Well, the first one does. The second one revokes a bunch of .efi files, not sure what. I checked some useful files, they aren't included.

Re:That "Microsoft Feature" is Secure Boot

The obvious problem is that they can't revoke the key that enables the boot loader, because that would stop countless devices from booting installation media, recovery partitions and restored systems. They can revoke the key that enables the policy, but anybody with admin rights can replace the boot loader with an older version that doesn't have this key blacklisted, and use that to disable Secure Boot. The magnitude of this fuck-up can hardly be overestimated.

Re:That "Microsoft Feature" is Secure Boot

In principal no-one should have access to the private key, even inside the organization. The keys are supposed to be on a locked down system and signing is supposed to happen in one controlled place.

Sounds great except most organizations regard this as so annoying that they don't implement it and give everyone the key. Plus, that machine has to be physically secure and unhackable. Show me an unhackable machine and I'll show you my bare arse.

Re:That "Microsoft Feature" is Secure Boot

[Opportunist]

A secure machine? No problem. In my basement, behind concrete walls, no connection to the outside and my mother in law with her +5 rolling pin of swatting standing in front of it.

You owe me your ass.

Re:That "Microsoft Feature" is Secure Boot

The revocation list is checked by the boot manager after policies are loaded. By the point in the startup sequence, it's too late. However, a Microsoft tool used to provision the policy into the firmware does check the revocation list, and thus refuses to accept the magic policy when you try to install it, so MS16-094 acts merely as a minor roadblock.

Re:That "Microsoft Feature" is Secure Boot

[macs4all]

Apple leaked the private key for their firmware updates

Citation, please?

Re:That "Microsoft Feature" is Secure Boot

[AmiMoJo]

http://arstechnica.com/apple/2...

Just Google it next time.

Re:That "Microsoft Feature" is Secure Boot

[guruevi]

Secure Boot is not a security feature, it is simply intended to make sure you don't install an "unapproved" OS on things like their Surface Pro. Any vendor can thus lock any otherwise relatively open hardware into "their" software under whatever guise (security, export restrictions, terrorism).

Re:That "Microsoft Feature" is Secure Boot

[gweihir]

Indeed. The one thing you absolutely need to do right (besides key-generation) in a public-key system is to keep the secret key secret. If you cannot do that, then you have no business building anything with security implications. Yes, MS is utterly incompetent and has been known for ages to be.

Re:That "Microsoft Feature" is Secure Boot

[gweihir]

Indeed. The whole "security" thing is just a cover-up lie.

Re:That "Microsoft Feature" is Secure Boot

[macs4all]

http://arstechnica.com/apple/2...

Just Google it next time.

I did; but tofu description was so hyperbolic that I didn't find the reference.

And according to the article, Apple didn't "leak" anything. They simply used a default password for their battery controller..Not smart; but it only affected the battery subsystem, and couldn't be used to access anything else in the laptop.

Then they fixed it.

Re:That "Microsoft Feature" is Secure Boot

The key hasn't been leaked. It has been used to sign a policy which has been published accidentally. With that policy, the Microsoft boot loader uses UEFI boot services to turn off Secure Boot. So, besides keeping secret keys secret, you also need to be careful what you sign.

Re:That "Microsoft Feature" is Secure Boot

[gweihir]

Yes, technically you are right. But signing anything an attacker can ever wish for with the secret key and then handing it over is hardly any better.

Re:That "Microsoft Feature" is Secure Boot

[ananamouse]

>The magnitude of this fuck-up can hardly be overestimated.
OK, I'll try. How about that moment during the battle at the gates of Mordor when Frodo slipped on the ring there by the fires of Mt. Doom and Sauron suddenly realized that his stupidity was without fathom.

Just make stupidity illegal

Congress-critter: If it was just stupidity that was to blame, we'll just make stupidity illegal. Problem solved!

LEO: If stupidity is outlawed, only criminals will be stupid.

Re:Just make stupidity illegal

[Opportunist]

Congress will never outlaw stupidity. When heave they ever made a law that has negative effects that affects mostly themselves?

Re:Just make stupidity illegal

If stupidity is outlawed, we'll have to rewrite the Law Enforcement Examination (LEE).

Access to encryption might work

...but whoever's getting the golden key should put $10B in escrow as guarantee that it won't get leaked. If someone is asking for the key without offering a guarantee then they can't be trusted.

Re:Access to encryption might work

[guruevi]

$10B is chump change to our government and the government can't be held liable in these endeavors.

Das Boot

Ist sunk!

Lawsuit

Now, I need to sue Microsoft for promising that my device is secure when it really is not. It was defective by design.

challenge accepted!

Show me an unhackable machine and I'll show you my bare arse.

Sounds like an easily exploitable security hole to me...

Re: challenge accepted!

PoC, suppository laced with LSD. You just got mindfucked and buttfucked.

Re: challenge accepted!

Where do I sign up?

We Already Knew That

Encryption backdoors are untenable: We Already Knew That.

The FBI however, will continue to act like Grandpa who cannot hear properly, doesn't understand the music these days, and want's the encryption kids to get off it's lawn!!

Re:We Already Knew That

[Opportunist]

We'd have no problem with that, if only gramps FBI would get offa our lawn.

Re:We Already Knew That

[gweihir]

That is because nothing happens to the FBI if they screw up. Hence they screw up more and more, because screwing up is easier and cheaper than not screwing up. Power without accountability will invariably do that to any organization.

Misleading ... Didn't "crack" anything

[GeekMarine72]

They read the specification, they reviewed the implementation, and they found a published key. I am unsure how people define "crack" but this seems more like "I reviewed stuff thoughtfully and published the findings".

Re:Misleading ... Didn't "crack" anything

[Jason+Levine]

"You hacked into my house!"

"No, I didn't. I read the sign posted on your door that said 'The spare key is under the third rock on the left along the path leading up to the door.' I lifted that rock, found the key, and opened your door."

"HACKER!!!!"

Re:Misleading ... Didn't "crack" anything

I am unsure how people define "crack" but this seems more like "I reviewed stuff thoughtfully and published the findings".

That's pretty much the definition. The word 'crack' carries more nefarious connotations than 'security research', even if they mean the same thing.

How to kill such organizations.

[Ungrounded+Lightning]

The keys are supposed to be on a locked down system and signing is supposed to happen in one controlled place.

And if you do it that way you have created a single point of failure for the company - or at least all its deployed products. Kill that system, they're hosed. Ditto if (when) it dies.

So either they don't do it this "recommended" way or there is some kind of backup - which then also isn't this "recommended" way and becomes a potential security leak.

Dammed if you do, damned if you don't.

Re:How to kill such organizations.

[MooseTick]

"And if you do it that way you have created a single point of failure for the company"

No one said it can only be in one place. You could copy the key to several OFFLINE hard disks and put them in secure place(s) OFFLINE. You could print the key and secure that in one or more place. There are several options where it can be extremely secure yet not rely on a single system to not fail.

So WinRT ARM devices aren't useless now?

Can someone make a Linux build for these now and make them useful again?

Re:So WinRT ARM devices aren't useless now?

[tehlinux]

again?!

Re: So WinRT ARM devices aren't useless now?

[MayeulC]

My thought exactly. A surface RT might actually be a great device without windows on it. Now, give me this golden key. Or just a damn tool to disable secure boot. I honestly don't want to fiddle much with this Microsoft stuff.

Re:So WinRT ARM devices aren't useless now?

[Myria]

My exploit from last year (CVE-2015-2552) already allowed trivially jailbreaking Surface RT tablets to run unsigned Windows programs.

This new exploit, however, adds the ability to run unsigned (technically, self-signed) .efi files, before Windows boots. In order to run an alternative operating system, you need to be able to run .efi files, because it is not possible to chainload from an EFI OS.

So yes, theoretically, you could make an Android distro for Surface RT now.

Re:So WinRT ARM devices aren't useless now?

[RockDoctor]

Why an Android distro and not a generic Linux/ HURD/ BSD* or other OS? For example, the hinted at Huwaei-OS. Yeah, a runnable Huawei-OS distro for Surface-RT would put a nice big hungry cat in amongst a large flock of fat wing-clipped pigeons.

Re:Only LUDDITES would hack Secure Boot!

I think if you beat a dead horse for several years straight it becomes funny in an ironic way.

"Government only" keys do not exist

[Opportunist]

Dear politicians: There will never be a backdoor key that only your law enforcement will have. Such things tend to be very, very valuable. Being able to decrypt any and all trade secrets is valuable. At a level where nation states start to be interested, not just some petty criminals, or even large criminal entities. Governments are interested. And they tend to have very, very deep pockets. Pockets deep enough that pretty much anyone becomes open for bribes. And if bribes don't work, well, there are other ways to be convincing.

Any key you have will also be held by Iran, Russia and probably even North Korea within reasonable time. That backdoor game is an odd one: The only winning move is not to play it.

Re:"Government only" keys do not exist

[AHuxley]

What are the options? A mandated "gov inside" backdoor on every phone able to be used to connect to any US network?
A state and federal designed in PRISM like NSA and GCHQ decryption network set into every hardware company with access by any state task force with federal funding by default?
Microsoft handed the NSA access to encrypted messages (12 July 2013)
https://www.theguardian.com/wo...
"Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport"."

Re "That backdoor game is an odd one: The only winning move is not to play it." What would a backdoor given to the gov look like?
Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
"involved the illegal tapping of more than 100 mobile phones" ... "belonging mostly to members of the Greek government and top-ranking civil servants"
SISMI-Telecom scandal https://en.wikipedia.org/wiki/...
"enter the Telecom system and implement wiretaps without leaving a trace" ... "including politicians, magistrates, football players and referees had been placed under illegal surveillance""
Once any gov keys get copied, kept by, sold, offered to the media by ex staff, former staff, anyone can have access or even send data, new upgrades back down to any device :)

SECURE BOOT WAS A LIE FROM THE GET-GO

>security key that protects Windows devices as they boot up say their discovery is proof that encryption backdoors do not work

You can take the drive out and read it with Linux. You can not take a Linux drive out and read it with Windows.

Gee.

It was never intended to be protection because physical access to any Windows machine is merely the second time you can spy on it. The first time is when you boot it up and connect to the Internet. Who reads it? Microsoft, and the US Government.

Speaking of FBI in the summary... that roll 'em site .. don't even click it. The summary subtly and disingenuously portrays Microsoft as unconnected to the FBI. This is a bold face fucking lie. Slashdot is FBI, Microsoft is US government too.

As for doing what the police want, do the police want the public to continue to fund their salaries? The US public are not paying taxes so they can be spied on and gestapo'd by a bunch of lying dickheads eating donuts.

Fuck you Dice, you are bitches now. Fuck your FBI honeypot team too.

Re:SECURE BOOT WAS A LIE FROM THE GET-GO

Bitlocker is something different, before somebody chimes in.

Bitlocker keys are also something Microsoft keep handy. You knew it too when you read their source code and fine print right?

In a world of permanent change...

[OneHundredAndTen]

... it makes one feel warm and fuzzy to be reminded that Microsoft can always be relied on to do what is stupid and/or obnoxious.

Re:In a world of permanent change...

[PPH]

Microsoft can always be relied on

Not always. It's totally random.

my fav part

[bobmajdakjr]

was the part where he was like HEY FBI SEE WHAT YOU DID THIS IS TERRIBLE YOU SHOULD FEEL BAD as if they are not sitting there laughing their asses off thinking "duh that was the point"

Re:my fav part

-1 on for you on that from default 2? dead giveaway FBI site here.

Copyright a Key?

Just curious is anyone knows whether MS can claim copyright in their master key?

I know that a patent is possible on a prime number, but have never heard one way or the other on copyright. Would have though it impossible, until the idiots at the 9th Circus said that an API can be copyrighted.

Re:Copyright a Key?

[ewhac]

Just curious is anyone knows whether MS can claim copyright in their master key?

Probably not. Copyright protects creative expression. There is no creativity involved in the creation of a cryptographic key, so copyright would almost certainly not apply.

Re:Copyright a Key?

[cellocgw]

Just curious is anyone knows whether MS can claim copyright in their master key?

Probably not. Copyright protects creative expression. There is no creativity involved in the creation of a cryptographic key, so copyright would almost certainly not apply.

"no creativity" -- you clearly haven't read some recent copyrighted books, or listened to some recent copyrighted music (and I use the term "music" rather loosely here)

Re:Only LUDDITES would hack Secure Boot!

[macs4all]

I think if you beat a dead horse for several years straight it becomes funny in an ironic way.

As A. Whitney Brown said on SNL: "There's no reason to beat a dead horse... except for the pure joy of it..."

... and the congress reacts

[Lead+Butthead]

... by outlawing disclosure of the the key, and declares victory over "sinister forces seeking to undermine our freedom" (whatever the hell that means.)
moral of the story, don't leave a bunch of old greedy fucks with no comprehension of technology to regulate it.

Re:Only LUDDITES would hack Secure Boot!

It was never funny.

Bring popcorn to the meeting at Microsoft!

Because if you have the golden key, you can revoke and replace the golden keys and the personal keys held in escrow by Microsoft, and avoid the extremely cooperative Microsoft approach to providing these to any schmuck with a rubber-stamped piece of paper saying "government on it".

I was at the MIT lecture hall where Brian Lamacchia presented about the "Palladium" software, since renamed "Trusted Computing" and the core of "Secure Boot". The audience was very unhappy with his pretense that all this security structure was aimed at anything but vendor lockin and DRM and backdoors, rather than personal privacy. Microsoft's storage of *all* the private keys in their own personal escrow, with no policy on who or what could obtain personal or private keys without the owner's permission or even knowledge, was a dead giveaway.

I asked Brian "What would occur if Microsoft chose to misuse or mishandle this technology?" Brian said he and engineers like him would resign. I said "Like you resigned from .NET, and they did it anyway?" I don't think he realized people in the audience knew about that one. Brian is technically intelligent, but doesn't understand even office politics, much less the political hardball surrounding encryption.

Then, a bit later, Richard M. Stallman rose from his seat. Brian was *not* expecting rms! I wish I'd had popcorn for that moment, too, because Richard tore Brian a new one for locking people's own softwaer and computer resources away from their ownership and personal control. Some of us knew Richard and enjoyed the show: Brian apparently hadn't been paying attention to the nature of his audience, he was so excited to show of "ooohhh, shiny" toy.

Stupid Post

Does anybody edit the links?

This really deserves a song.

[sehlat]

Music: "Brand New Key"

Oh, I blew a software giant to smithereens,
I got its Golden Key.
Wonder what other tasks a wandering mind
Might have for me.

Is this megalomania?
Am I out of my tree?
Cuz I blew a software giant to smithereens,
I got its Golden Key.

Re: Only LUDDITES would hack Secure Boot!

Which makes it even funnier.