Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea by Chris Williams.
From the post:
Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder.
These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android.
What’s more, it is believed it will be impossible for Microsoft to fully revoke the leaked keys.
And perhaps most importantly: it is a reminder that demands by politicians and crimefighters for special keys, which can be used by investigators to unlock devices in criminal cases, will inevitably jeopardize the security of everyone.
Microsoft’s misstep was uncovered by two researchers, MY123 and Slipstream, who documented their findings here in a demoscene-themed writeup published on Tuesday. Slip believes Microsoft will find it impossible to undo its leak.
…
To understand the full technical implications of this Microsoft leak, let Chris take you through Secure Boot policies.
For representatives of the public, the summary is: Backdoor Key = Everyone has access.
Follow up question for representatives of the public: Is that what you want?
Have Lady GaGa CDs (Manning) or USB sticks labeled on one side NSA and the other Snowden to give anyone protesting government offices are secure. (Just me but I would put malware on both.)
Chris reports that as of 10 August 2016 that Microsoft has not commented on this story.
I hope MS puts on a brave face and says the leak was deliberate and done to illustrate the danger of golden backdoor keys.
They will no worse off than they are now and spun properly it could be a telling blow against backdoor keys.