Microsoft Leaked Their Firmware’s Backdoor Key
Gareth Andrews / 5 years ago
Remember when Apple was fighting with the FBI and the question about a universal backdoor was put forward to everyone? Now it would seem that Microsoft has proved everyone right by accidentally opening up theirs to everyone when they released their firmware’s backdoor key by accident.
The key is used to bypass Secure Boot, a system which protected systems from starting up with malicious versions of Windows. Secure Boot has been in placed since Windows 8.1 and was meant to protect people. Now with the key released to the public its possible to install any operating systems, be it a legitimate version of Linux or a malicious version of Windows onto systems at a key level.
The worst part is that both MY123 and Slipstream who found the keys in March believe that the error may be impossible, saying that “it’d be impossible in practise for MS to revoke every bootmgr earlier than a certain point, as they’d break install media, recovery partitions, backups, etc”.
The golden keys appear to have been created for testing purposes, enabling developers to use new builds of operating systems without having to get their certificates authorised with each variation. Given the same technique is used to secure Microsoft’s tablets and phones, this could be a security issue for any organisation operating with this hardware.