Slashdot Mirror

← Back to Stories (view on slashdot.org)

Researchers Crack Microsoft Feature, Say Encryption Backdoors Similarly Crackable (thehill.com)

Posted by msmash on from the crackable-world dept.

An anonymous reader writes: Researchers who uncovered a security key that protects Windows devices as they boot up say their discovery is proof that encryption backdoors do not work. The pair of researchers, credited by their hacker nicknames MY123 and Slipstream, found the cryptographic key protecting a feature called Secure Boot. They believe the discovery highlights a problem with requests law enforcement officials have made for technology companies to provide police with some form of access to otherwise virtually unbreakable encryption that might be used by criminals. "Microsoft implemented a 'secure golden key' system. And the golden keys got released from [Microsoft's] own stupidity," wrote the researchers in their report, in a section addressed by name to the FBI.

54 of 86 comments (clear)

  1. proof that encryption backdoors do not work by Anonymous Coward · · Score: 5, Funny

    proof that [anything developed by Microsoft does] not work.

    FTFY.

    1. Re: proof that encryption backdoors do not work by Anonymous Coward · · Score: 1

      Maybe they shouldn't have emailed the key to Hillary?

  2. Dear God by TechyImmigrant · · Score: 3, Informative

    That web site is annoying. 8 bit game music and the text jitters.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    1. Re:Dear God by Anonymous Coward · · Score: 4, Funny

      That's a long way to say "What's NoScript?"

    2. Re:Dear God by awfar · · Score: 1

      Haha, I thought it annoying but hilarious, going way, way back to the demo days. Good show.

    3. Re:Dear God by number6x · · Score: 2

      Very 1980's. Reminds me of the computer demo scene.

    4. Re:Dear God by gweihir · · Score: 1

      It is also mostly text. Copy & paste into text-editor and read without the hassle.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  3. "Crack Microsoft Feature" by Ukab+the+Great · · Score: 1

    When will the folks in Redmond put down the pipes?

    1. Re:"Crack Microsoft Feature" by geek · · Score: 4, Interesting

      When will the folks in Redmond put down the pipes?

      You laugh but it's a bit ironic. This wasn't a crack, it was a leak. MS actually gave everyone the fucking keys. This is great for me though, I spent 4 hours yesterday telling everyone at work that Microsoft is just as fucked on security today as they were 20 years ago. Then this happens and I'm totally vindicated.

    2. Re:"Crack Microsoft Feature" by pr0fessor · · Score: 1

      They locked the door but left the windows open....

    3. Re:"Crack Microsoft Feature" by drinkypoo · · Score: 2

      I don't know many folks with the courage to take the position that Microsoft products might be insecure.
      Way to go out on a limb and still manage to come up totally vindicated!

      You were aiming for funny, but what you actually got was chilling, because in fact that is a courageous position in many boardrooms and meeting halls across the country. It is, as usual, due to cognitive dissonance. People who think they are big swinging dicks because of their corporate position believe that Microsoft must be the ultimate cocksman because of its lofty position atop the market. In order to accept that Microsoft might actually be incompetent in spite of their market dominance, they have to accept that they might actually be incompetent in spite of their dominance of their fellow employee. This will never happen, so they will argue to the end that dominance equals competence. When something bad happens to Microsoft it's someone else's fault, just as when they make a mistake it's someone else's fault. They don't just pin the blame on someone else to avoid punishment — they pin the blame on someone else to avoid enlightenment.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    4. Re:"Crack Microsoft Feature" by RockDoctor · · Score: 1

      They locked the nag's bridle and forgot the chastity belt?

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  4. Unbelievably obnoxious fucking article by Anonymous Coward · · Score: 2, Informative

    Rotating golden key, moving starfield and crappy text. Virtually unreadable article. WTF?

    1. Re:Unbelievably obnoxious fucking article by OrangeTide · · Score: 2

      I sure do miss GeoCities and MySpace.

      --
      “Common sense is not so common.” — Voltaire
    2. Re:Unbelievably obnoxious fucking article by drinkypoo · · Score: 1

      Rotating golden key, moving starfield and crappy text. Virtually unreadable article. WTF?

      All I see is some monospace white on black with blue links, and I could change that to white on black if I had hacktheweb installed. Maybe you should work on this how to internet thing.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  5. Microsoft; Secure? Bwahahaha! by UnknownSoldier · · Score: 4, Insightful

    Their security has a been a joke for *decades*.

    1. Re:Microsoft; Secure? Bwahahaha! by clubby · · Score: 5, Insightful

      That implies that it was once respected. I think it's more accurate to say that their security has *always* been a joke.

    2. Re:Microsoft; Secure? Bwahahaha! by UnknownSoldier · · Score: 1

      I stand corrected. :-)

  6. That "Microsoft Feature" is Secure Boot by Anonymous Coward · · Score: 5, Informative

    Microsoft made a signed policy file which can be used with a Microsoft signed UEFI boot loader to turn off Secure Boot, and accidentally (?) published that policy with the Windows 10 anniversary update. Using this policy, Secure Boot can even be disabled on systems that won't allow the owner to disable it. And of course, this can be used to turn off Secure Boot remotely, so basically Microsoft eradicated any benefit that Secure Boot might have had. Now it's just annoying.

    1. Re:That "Microsoft Feature" is Secure Boot by AmiMoJo · · Score: 4, Insightful

      An update has appeared that claims to fix this issue (KB3172729). Presumably they have revoked that key and replaced it with a new one.

      This isn't really an issue with backdoors though, it's just an issue with public key crypto in general. You have to protect the private key, and not accidentally leak it. And to be fair to Microsoft, they aren't the only ones. Apple leaked the private key for their firmware updates, allowing you to create an undetectable rootkit that lived in, say, the battery firmware and which could not be removed by a full HDD wipe. And Github regularly scans for people accidentally posting their private keys when they commit code.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    2. Re:That "Microsoft Feature" is Secure Boot by Anonymous Coward · · Score: 2, Informative

      The obvious problem is that they can't revoke the key that enables the boot loader, because that would stop countless devices from booting installation media, recovery partitions and restored systems. They can revoke the key that enables the policy, but anybody with admin rights can replace the boot loader with an older version that doesn't have this key blacklisted, and use that to disable Secure Boot. The magnitude of this fuck-up can hardly be overestimated.

    3. Re:That "Microsoft Feature" is Secure Boot by Opportunist · · Score: 1

      A secure machine? No problem. In my basement, behind concrete walls, no connection to the outside and my mother in law with her +5 rolling pin of swatting standing in front of it.

      You owe me your ass.

      --
      We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    4. Re:That "Microsoft Feature" is Secure Boot by macs4all · · Score: 1

      Apple leaked the private key for their firmware updates

      Citation, please?

    5. Re:That "Microsoft Feature" is Secure Boot by AmiMoJo · · Score: 4, Informative

      http://arstechnica.com/apple/2...

      Just Google it next time.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    6. Re:That "Microsoft Feature" is Secure Boot by guruevi · · Score: 1

      Secure Boot is not a security feature, it is simply intended to make sure you don't install an "unapproved" OS on things like their Surface Pro. Any vendor can thus lock any otherwise relatively open hardware into "their" software under whatever guise (security, export restrictions, terrorism).

      --
      Custom electronics and digital signage for your business: www.evcircuits.com
    7. Re:That "Microsoft Feature" is Secure Boot by gweihir · · Score: 1

      Indeed. The one thing you absolutely need to do right (besides key-generation) in a public-key system is to keep the secret key secret. If you cannot do that, then you have no business building anything with security implications. Yes, MS is utterly incompetent and has been known for ages to be.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    8. Re:That "Microsoft Feature" is Secure Boot by gweihir · · Score: 1

      Indeed. The whole "security" thing is just a cover-up lie.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    9. Re:That "Microsoft Feature" is Secure Boot by macs4all · · Score: 1

      http://arstechnica.com/apple/2...

      Just Google it next time.

      I did; but tofu description was so hyperbolic that I didn't find the reference.

      And according to the article, Apple didn't "leak" anything. They simply used a default password for their battery controller..Not smart; but it only affected the battery subsystem, and couldn't be used to access anything else in the laptop.

      Then they fixed it.

    10. Re:That "Microsoft Feature" is Secure Boot by gweihir · · Score: 1

      Yes, technically you are right. But signing anything an attacker can ever wish for with the secret key and then handing it over is hardly any better.

      --
      Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
    11. Re:That "Microsoft Feature" is Secure Boot by ananamouse · · Score: 1

      >The magnitude of this fuck-up can hardly be overestimated.
      OK, I'll try. How about that moment during the battle at the gates of Mordor when Frodo slipped on the ring there by the fires of Mt. Doom and Sauron suddenly realized that his stupidity was without fathom.

  7. challenge accepted! by Anonymous Coward · · Score: 5, Funny

    Show me an unhackable machine and I'll show you my bare arse.

    Sounds like an easily exploitable security hole to me...

  8. Misleading ... Didn't "crack" anything by GeekMarine72 · · Score: 1

    They read the specification, they reviewed the implementation, and they found a published key. I am unsure how people define "crack" but this seems more like "I reviewed stuff thoughtfully and published the findings".

    1. Re:Misleading ... Didn't "crack" anything by Jason+Levine · · Score: 1

      "You hacked into my house!"

      "No, I didn't. I read the sign posted on your door that said 'The spare key is under the third rock on the left along the path leading up to the door.' I lifted that rock, found the key, and opened your door."

      "HACKER!!!!"

      --
      My sci-fi novel, Ghost Thief, is now available from Amazon.com.
  9. How to kill such organizations. by Ungrounded+Lightning · · Score: 1

    The keys are supposed to be on a locked down system and signing is supposed to happen in one controlled place.

    And if you do it that way you have created a single point of failure for the company - or at least all its deployed products. Kill that system, they're hosed. Ditto if (when) it dies.

    So either they don't do it this "recommended" way or there is some kind of backup - which then also isn't this "recommended" way and becomes a potential security leak.

    Dammed if you do, damned if you don't.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:How to kill such organizations. by MooseTick · · Score: 1

      "And if you do it that way you have created a single point of failure for the company"

      No one said it can only be in one place. You could copy the key to several OFFLINE hard disks and put them in secure place(s) OFFLINE. You could print the key and secure that in one or more place. There are several options where it can be extremely secure yet not rely on a single system to not fail.

      --
      Ninjas don't carry tic tacs
  10. So WinRT ARM devices aren't useless now? by Anonymous Coward · · Score: 1

    Can someone make a Linux build for these now and make them useful again?

    1. Re:So WinRT ARM devices aren't useless now? by tehlinux · · Score: 1

      again?!

      --
      Most linux users don't know this, but the man pages were named after Chuck Norris. Chuck Norris fsck'ing hates noobs!
    2. Re: So WinRT ARM devices aren't useless now? by MayeulC · · Score: 1

      My thought exactly. A surface RT might actually be a great device without windows on it. Now, give me this golden key. Or just a damn tool to disable secure boot. I honestly don't want to fiddle much with this Microsoft stuff.

    3. Re:So WinRT ARM devices aren't useless now? by Myria · · Score: 2

      My exploit from last year (CVE-2015-2552) already allowed trivially jailbreaking Surface RT tablets to run unsigned Windows programs.

      This new exploit, however, adds the ability to run unsigned (technically, self-signed) .efi files, before Windows boots. In order to run an alternative operating system, you need to be able to run .efi files, because it is not possible to chainload from an EFI OS.

      So yes, theoretically, you could make an Android distro for Surface RT now.

      --
      "Screw Sun, cross-platform will never work. Let's move on and steal the Java language." - Visual J++ Product Manager
    4. Re:So WinRT ARM devices aren't useless now? by RockDoctor · · Score: 1

      Why an Android distro and not a generic Linux/ HURD/ BSD* or other OS? For example, the hinted at Huwaei-OS. Yeah, a runnable Huawei-OS distro for Surface-RT would put a nice big hungry cat in amongst a large flock of fat wing-clipped pigeons.

      --
      Birds are not dinosaur descendants;birds are dinosaurs, for all useful meanings of "birds", "are" and "dinosaurs"
  11. "Government only" keys do not exist by Opportunist · · Score: 4, Informative

    Dear politicians: There will never be a backdoor key that only your law enforcement will have. Such things tend to be very, very valuable. Being able to decrypt any and all trade secrets is valuable. At a level where nation states start to be interested, not just some petty criminals, or even large criminal entities. Governments are interested. And they tend to have very, very deep pockets. Pockets deep enough that pretty much anyone becomes open for bribes. And if bribes don't work, well, there are other ways to be convincing.

    Any key you have will also be held by Iran, Russia and probably even North Korea within reasonable time. That backdoor game is an odd one: The only winning move is not to play it.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
    1. Re:"Government only" keys do not exist by AHuxley · · Score: 1

      What are the options? A mandated "gov inside" backdoor on every phone able to be used to connect to any US network?
      A state and federal designed in PRISM like NSA and GCHQ decryption network set into every hardware company with access by any state task force with federal funding by default?
      Microsoft handed the NSA access to encrypted messages (12 July 2013)
      https://www.theguardian.com/wo...
      "Material collected through Prism is routinely shared with the FBI and CIA, with one NSA document describing the program as a "team sport"."

      Re "That backdoor game is an odd one: The only winning move is not to play it." What would a backdoor given to the gov look like?
      Greek wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
      "involved the illegal tapping of more than 100 mobile phones" ... "belonging mostly to members of the Greek government and top-ranking civil servants"
      SISMI-Telecom scandal https://en.wikipedia.org/wiki/...
      "enter the Telecom system and implement wiretaps without leaving a trace" ... "including politicians, magistrates, football players and referees had been placed under illegal surveillance""
      Once any gov keys get copied, kept by, sold, offered to the media by ex staff, former staff, anyone can have access or even send data, new upgrades back down to any device :)

      --
      Domestic spying is now "Benign Information Gathering"
  12. Re:We Already Knew That by Opportunist · · Score: 1

    We'd have no problem with that, if only gramps FBI would get offa our lawn.

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  13. Re:Just make stupidity illegal by Opportunist · · Score: 2

    Congress will never outlaw stupidity. When heave they ever made a law that has negative effects that affects mostly themselves?

    --
    We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
  14. my fav part by bobmajdakjr · · Score: 1

    was the part where he was like HEY FBI SEE WHAT YOU DID THIS IS TERRIBLE YOU SHOULD FEEL BAD as if they are not sitting there laughing their asses off thinking "duh that was the point"

  15. Re:Only LUDDITES would hack Secure Boot! by macs4all · · Score: 1

    I think if you beat a dead horse for several years straight it becomes funny in an ironic way.

    As A. Whitney Brown said on SNL: "There's no reason to beat a dead horse... except for the pure joy of it..."

  16. ... and the congress reacts by Lead+Butthead · · Score: 1

    ... by outlawing disclosure of the the key, and declares victory over "sinister forces seeking to undermine our freedom" (whatever the hell that means.)
    moral of the story, don't leave a bunch of old greedy fucks with no comprehension of technology to regulate it.

    --
    ELOI, ELOI, LAMA SABACHTHANI!?
  17. Re:Copyright a Key? by ewhac · · Score: 1

    Just curious is anyone knows whether MS can claim copyright in their master key?

    Probably not. Copyright protects creative expression. There is no creativity involved in the creation of a cryptographic key, so copyright would almost certainly not apply.

    --
    Editor, A1-AAA AmeriCaptions
  18. Re:In a world of permanent change... by PPH · · Score: 1

    Microsoft can always be relied on

    Not always. It's totally random.

    --
    Have gnu, will travel.
  19. Re:Access to encryption might work by guruevi · · Score: 1

    $10B is chump change to our government and the government can't be held liable in these endeavors.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  20. Re:We Already Knew That by gweihir · · Score: 2

    That is because nothing happens to the FBI if they screw up. Hence they screw up more and more, because screwing up is easier and cheaper than not screwing up. Power without accountability will invariably do that to any organization.

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  21. Bring popcorn to the meeting at Microsoft! by Anonymous Coward · · Score: 1

    Because if you have the golden key, you can revoke and replace the golden keys and the personal keys held in escrow by Microsoft, and avoid the extremely cooperative Microsoft approach to providing these to any schmuck with a rubber-stamped piece of paper saying "government on it".

    I was at the MIT lecture hall where Brian Lamacchia presented about the "Palladium" software, since renamed "Trusted Computing" and the core of "Secure Boot". The audience was very unhappy with his pretense that all this security structure was aimed at anything but vendor lockin and DRM and backdoors, rather than personal privacy. Microsoft's storage of *all* the private keys in their own personal escrow, with no policy on who or what could obtain personal or private keys without the owner's permission or even knowledge, was a dead giveaway.

    I asked Brian "What would occur if Microsoft chose to misuse or mishandle this technology?" Brian said he and engineers like him would resign. I said "Like you resigned from .NET, and they did it anyway?" I don't think he realized people in the audience knew about that one. Brian is technically intelligent, but doesn't understand even office politics, much less the political hardball surrounding encryption.

    Then, a bit later, Richard M. Stallman rose from his seat. Brian was *not* expecting rms! I wish I'd had popcorn for that moment, too, because Richard tore Brian a new one for locking people's own softwaer and computer resources away from their ownership and personal control. Some of us knew Richard and enjoyed the show: Brian apparently hadn't been paying attention to the nature of his audience, he was so excited to show of "ooohhh, shiny" toy.

  22. This really deserves a song. by sehlat · · Score: 1

    Music: "Brand New Key"

    Oh, I blew a software giant to smithereens,
    I got its Golden Key.
    Wonder what other tasks a wandering mind
    Might have for me.

    Is this megalomania?
    Am I out of my tree?
    Cuz I blew a software giant to smithereens,
    I got its Golden Key.

  23. Re:Copyright a Key? by cellocgw · · Score: 1

    Just curious is anyone knows whether MS can claim copyright in their master key?

    Probably not. Copyright protects creative expression. There is no creativity involved in the creation of a cryptographic key, so copyright would almost certainly not apply.

    "no creativity" -- you clearly haven't read some recent copyrighted books, or listened to some recent copyrighted music (and I use the term "music" rather loosely here)

    --
    https://app.box.com/WitthoftResume Code: https://github.com/cellocgw