Many Windows based devices, including PCs, tablets and smartphones, is equipped security technology Secure Boot as part of the UEFI firmware. The Secure Boot primarily does is to ensure that only software that is signed with a trusted certificate, may run during startup of the unit.
This will help to prevent malware started even before the operating system loads.
While the users is possible to disable the Secure Boot on many PCs, this is not the case in most other types of devices.
However, in connection with the development of Windows 10 Anniversary Update (Version 1607) Microsoft should have made a minor change in how Secure Boot function. And this change should have opened for unintended consequences. This writes two security specialists, who just call themselves for my123 and slipstream, on this page.
Policies
Along with Secure Boot system there Secure Boot policies. According to The Register, which first reviewing the matter, these early loaded during startup and must be observed by the Windows boot manager. To be accepted, must polices be cryptographically signed by Microsoft and be installed on devices using a Microsoft-signed tools.
It is now to have happened is that Microsoft has added a new and signed policy which disables the operating system signature checking. It is believed that this is done to give developers the opportunity to launch and test new operating system editions without having to sign every single.
But if this particular policy installed in the firmware of the machine will not boot manager for Windows check if it loads a Microsoft signed operating system. Instead, it will start up all binaries that are cryptographically signed. This also includes self-signed files. According to The Register, this can for example be an intermediate solution that loads a Linux kernel.
In practice, this amounts to a master key, which constitutes an effective backdoor to Secure Boot.
Universal Key and backdoor
Security researchers write:
You can see how this is very bad !! A backdoor, wooden MS put
in two secure boot Because They Decided two not let the user turn it off in
certainties devices, allowsa for secure boot to be disabled everywhere!
You can see the irony. Also the irony in That MS themelves provided us several
nice “golden keys” (as the FBI would say;) for us two use for That Purpose:)
About the FBI, are you reading this? If you are, then this is a perfect real
world example about why your idea of backdooring cryptosystem with a “secure
golden key” is very bath! Smarter people than me havebeen counting this to you
for so long, it Seems you have your fingers in your ears. You seriously do not
under stand still? Microsoft Implemented a “secure golden key” system. And the
golden keys got released from MS own stupidity. Now, what happens if you tell
everyone two make a “secure golden key” system? Hopefully you can add 2 + 2 …
See also: French demands for “backdoor” for smart phones
Microsoft effort
According to the Register shall security researchers have warned Microsoft already in March that they had found a debugmodus policy which by mistake had been included on devices sold through retailers.
Basically, the policy intended as a supplemental policy to be merged with other policies. But if it is used as the primary policy can thus be used to turn off signature check no.
A first attempt by Microsoft to repair the damage, came in July. This should have tried to revoke the validity of the special Secure Boot policy, but will for various reasons not having succeeded so well with it. On the other hand it is able to prevent policy installed.
This week came Microsoft with a further update in another attempt to tighten and further security fixes can be expected in September.
Can still be possible
the Register points to a script that will make it possible to install the current policy on an ARM-based Windows RT board. This presupposes, however, that the July update is not installed.
Because Surface RT products were not a huge success, Microsoft has stopped developing software. But they may be well suited to run software other than Windows RT, if users get the ability to install this.
The Register writes that a similar tool to install Secure Boot policies available for Windows Phone.
Such a policy can of course open to that malware gets increased access to do damage to the system, that is precisely the Secure Boot initially intended to prevent.
No comments:
Post a Comment