Oops - Microsoft opens Secure Boot by mistake, showing everyone why master keys are a bad idea.

[GoodBytes]

Secure Boot is now Secure Useless, thanks to Microsoft accidentally leaking its 'Golden Key' of Secure Boot, a technology that powers UEFI based systems.

 

If you unfamiliar with Secure Boot, it is a secure technology developed by UEFI Forum which is formed by a number of companies like Intel (which is what it is based on), AMD, Apple, Microsoft, HP, Dell, Lenovo, and more. Secure Boot which was greatly pushed by Microsoft for its OS being hit the most by attacks. It allows a locking of a system to be made with the supported OS and the system prevents something else to replace the boot loader system of the OS with its own. In other words, assuming you have supported OS (that has a special key), once installed on a system with Secure Boot enabled for the first time it locks with it, so it can't be replaced without another OS that does not have support for Secure Boot. So basically, it is like a white list of OSs that can be installed on ones system. The user can disable Secure Boot on the system (assuming they have the option. I'll get on that in a bit), and install any OS that it chooses.

 

The main idea behind this, is to prevent dangerous attacks on the OS, where the malware (rootkit) in question can replace the OS boot loader with its own, gaining supervisor privileges from the CPU (a mode reserved by the OS, as it needs to get full access from your hardware (this is a hardware level "account" system if you want to see that way, but there is no password. It is first come, first gets "admin" rights), and turning the OS as a puppet of sorts. The malware/rootkit has full access to the system memory and has full control on the hardware (as it is now an OS), causing potential hardware damage, corrupt or transfer data (being an OS, it can operate your system, so it can control your HDD/SSD, or it can support hacked up  drivers like your graphics card, and over-voltage it, breaking it, and it can by-pass any security features from hardware and software with much ease. Having access to the full memory it can detect decrypted content, password used and more, and send all that to its server. Oh being an OS, it be undetectable. It can even control your security software memory so that it force it to acts as if you have 0 infections, but you are actually jam packed with them. There is certain validity behind this security system. It is a serious issue that aside from a drive format, and re-install of OS can't be fixed.

 

Its downside is that it prevents open source boot loaders and therefore: Linux distros (as they use an open source boot loaders) to take advantage of this security feature. Why? because it needs a key which can't be shared, but being open sources, it needs to be shareable to others else people can't do much with the source code, beside removing the code for it, and not support Secure Boot. If the key is public, it breaks the point of secure boot, as rootkit makers, can just use one of the many keys that anyone has access from an open source boot loader, and voila, their rootkit is not "validated", and it will install just fine, making the whole thing useless. So because these open source boot loader has no support for it, it needs to ask the user to turn it off. Ubuntu is one of the few non-Windows OS that support Secure Boot, where that part of its boot loader isn't open source.

 

Another downsides is that manufactures can remove the ability to disable Secure Boot, or change keys, forcing the user to the OS pre-installed by the manufacture. Something that Samsung had fun doing with its Windows powered laptops, and that Microsoft pushed to not give (meaning can't disable Secure Boot) with Windows RT based systems, such as the Surface 1 and the Surface 2 (the non-Pro versions. The models that runs Windows RT, not "full Windows". They are powered by an ARM based CPU).

 

Well, Secure Boot had a design flaw. To make testing process of OSs easier for developers, it had a master key. The problem, is that master key is the same like lock system with a master key.

 

To better understand the security flaw of master keys here is an analogy of sorts with actual doors:

In a building, you have many offices with locks on their doors. Within each office they are sensitive information, say. If a criminal comes in, to get the maximum information, he or she needs to break each office door lock, so it really limit the damage of potentially leaked information (ignore the fact that the thief can just kick the drywall, and can go through the office that way instead). However, the janitor, to not carry 10000 keys on him/her, he or she has a master key, 1 key to open all locks. Now, the criminal can have an easier time to find that combination to open the lock of a door, as on any given lock their are 2 possibilities. The key for that lock, and the master key. Another problem, is what if the master key is lost, someone can find it, and use it on any doors, making the entire security system useless. And this is what happened to Microsoft.

 

Microsoft has accidentally leaked the master key of Secure Boot.

 

The Register reports:

Quote

Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder.

These skeleton keys can be used to install non-Redmond operating systems on locked-down computers. In other words, on devices that do not allow you to disable Secure Boot even if you have administrator rights – such as ARM-based Windows RT tablets – it is now possible to sidestep this block and run, say, GNU/Linux or Android.

Microsoft tried to fix the problem with a number of updates to its OS since July, to make the key not work if you do something within the OS and its bootloader, but it really potentially opened doors for hackers to help them find the combination, and if the patch work is broken? Well you guessed it, it has access.

 

 

Source: http://www.theregister.co.uk/2016/08/10/microsoft_secure_boot_ms16_100/

 

So, lesson in life: Master Keys are dangerous. They might be convenient, but dangerous. This applies to everything (unless you just don't care).

[SSL]

No worries, the NSA probably had it already.

[BuckGup]

So what does this mean? Linux on windows phones and Surface Books?

[AresKrieger]

I assume this means most modern systems are now completely screwed

 

Hmm I wonder if they can be sued over this incompetence

[Hackzzila]

I didnt know much about secure boot, but damn I dislike it now, since you can't do stuff on the hardware you payed for. But on the other hand it could cause security issues, soo idk.

[AresKrieger]

3 minutes ago, SSL said:

No worries, the NSA probably had it already.

Yes but the NSA doesn't have the incentive to use this against everyone, nor do they have the capability

[Tomsen]

Whoops..

Also secure boot has always been useless. It is based on an insecure platform foundation.

We all know it secure boots real intend.

[SSL]

Just now, AresKrieger said:

Yes but the NSA doesn't have the incentive to use this against everyone, nor do they have the capability

 

Indeed.

[Hackzzila]

1 minute ago, AlexTheRose said:

It causes security issues for Microsoft’s and other Secure Boot companies’ bank accounts, we know that. But other than that, there’s little security involved with “secure” boot. It’s just there to make corporations richer by stifling innovation and keeping things closed and proprietary. The Free Software Foundation terms this “Tivoization”.

If that's the case then I don't really care about their bank accounts. And I hope secure boot dies.

[EvilLemur]

would this affect TPM users? just sayin that could be alot of data loss if it does.

[FakezZ]

Just another case that shows how "security by obscurity" does not actually work...

[KrumpetPirate]

@SSL with heartbleed icon, @AlexTheRose with an arch icon in a thread about M$ screwing up? lol

 

I agree with Alex on this one, this was an anti-consumer move from the outset. It sucks that there is a vulnerability now where none should have existed.

[RexinOridle]

Am I the only one who smells pizza here?

[AlexGoesHigh]

1 hour ago, AlexTheRose said:

Secure Boot was nothing but anti-consumer Digital Restrictions Management in the first place. I’m glad to see it shatter.

The only thing anti consumer about secure boot was OEM locking down the bios firmware to not disable it, and it can be argued those that didn't allow keys to be added by the user without a firmware update. Other than that it's good tech against rootkits and malware.

 

All the controversies around it started because MS mandate all OEM hardware preloaded with windows 8 and greater to support secure boot and have it enabled by default on PC and laptops.

1 hour ago, SamStrecker said:

So what does this mean? Linux on windows phones and Surface Books?

Probably, though the main issues is that sec boot is now useless with current windows and hardware until MS gets a new key and bios be updated, which is going to be pretty much some of current lineup of some OEM's.

[Curufinwe_wins]

Non redmond windows means the ones prior to the anniversary update right?

[GoodBytes]

25 minutes ago, Curufinwe_wins said:

Non redmond windows means the ones prior to the anniversary update right?

It means Linux/Unix, and anything that isn't Windows 8 and up

[Curufinwe_wins]

4 minutes ago, GoodBytes said:

It means Linux/Unix, and anything that isn't Windows 8 and up

oh ok. Thanks for the clarification.

[Trik'Stari]

Tell me again how your W10 with it's telemetry and forced automatic updates is secure. Oh and now add this to that list.

 

Just seems to me that M$ becomes more idiotic and incompetent with time.

[suicidalfranco]

7 minutes ago, Trik'Stari said:

Tell me again how your W10 with it's telemetry and forced automatic updates is secure. Oh and now add this to that list.

 

Just seems to me that M$ becomes more idiotic and incompetent with time.

as long as they get to sell users data and serve ads

[PlayStation 2]

and this is why I stood with windows 7

[GoodBytes]

10 minutes ago, Dan Castellaneta said:

and this is why I stood with windows 7

That doesn't make any sense.

Windows 7 is like installing Windows 8 or 10 with Secure Boot disabled in your UEFI.

Meaning that you are open to the security issue like Windows 8/10 users.. until motherboard manufactures releases UEFI updates to exclude this master key that is. After that, only Windows 7 and older users will be vulnerable.

[Trik'Stari]

7 minutes ago, GoodBytes said:

That doesn't make any sense.

Windows 7 is like installing Windows 8 or 10 with Secure Boot disabled in your UEFI.

Meaning that you are open to the security issue like Windows 8/10 users.. until motherboard manufactures releases UEFI updates to exclude this master key that is. After that, only Windows 7 and older users will be vulnerable.

Linux?

[PlayStation 2]

12 minutes ago, GoodBytes said:

That doesn't make any sense.

Windows 7 is like installing Windows 8 or 10 with Secure Boot disabled in your UEFI.

Meaning that you are open to the security issue like Windows 8/10 users.. until motherboard manufactures releases UEFI updates to exclude this master key that is. After that, only Windows 7 and older users will be vulnerable.

Probably should've clarified.

Windows 7 does not enforce it by default.

[zMeul]

[goodtofufriday]

Inb4 windows RT on rpi 3.