Researchers Crack Microsoft Feature, Say Encryption Backdoors Similarly Crackable (thehill.com)
An anonymous reader writes: Researchers who uncovered a security key that protects Windows devices as they boot up say their discovery is proof that encryption backdoors do not work. The pair of researchers, credited by their hacker nicknames MY123 and Slipstream, found the cryptographic key protecting a feature called Secure Boot. They believe the discovery highlights a problem with requests law enforcement officials have made for technology companies to provide police with some form of access to otherwise virtually unbreakable encryption that might be used by criminals. "Microsoft implemented a 'secure golden key' system. And the golden keys got released from [Microsoft's] own stupidity," wrote the researchers in their report, in a section addressed by name to the FBI.
Their security has been a joke for *decades*.
An update has appeared that claims to fix this issue (KB3172729). Presumably they have revoked that key and replaced it with a new one.
This isn't really an issue with backdoors though, it's just an issue with public key crypto in general. You have to protect the private key, and not accidentally leak it. And to be fair to Microsoft, they aren't the only ones. Apple leaked the private key for their firmware updates, allowing you to create an undetectable rootkit that lived in, say, the battery firmware and which could not be removed by a full HDD wipe. And GitHub regularly scans for people accidentally posting their private keys when they commit code.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC