Microsoft Accidentally Leaks Windows Backdoor aka 'Golden Key' (@DanielEran)

Unbelievable blunder by Microsoft:

Microsoft leaked the golden keys that unlock Windows-powered tablets, phones and other devices sealed by Secure Boot – and is now scrambling to undo the blunder.

It’s akin to giving special secret keys to the police and the Feds that grant investigators full access to people’s devices and computer systems. Such backdoor keys can and most probably will fall into the wrong hands: rather than be used exclusively for fighting crime, they will be found and exploited by criminals to compromise communications and swipe sensitive personal information.

This is exactly what Apple and security experts have warned about regarding the FBI’s push for technology companies to give it access to communications that would otherwise be encrypted.

Anyone who thinks government servers holding these keys are safe need only be reminded of the OPM megahack; anyone who thinks these keys cannot be extracted from software or hardware need only spend a weekend with a determined reverse-engineer and a copy of IDA Pro.

“This is a perfect real world example about why your idea of backdooring cryptosystems with a ‘secure golden key’ is very bad,” Slipstream wrote, addressing the FBI in particular.

The other thing to pick up from all this is how tenacious and therefore effective researchers and hackers are at finding these vulnerabilities. Companies go to extreme measures to get security right, and if they overlook anything, it is usually discovered and often exploited. Think the U.S. government can do better? I don’t.

A recent thing I wrote about encryption was regarding this interview with CIA Director John Brennan, in which I also referenced this, this, and this. Nothing has changed, and I stand by all of it.

