Encryption became a hot topic this year during the whole FBI and Apple standoff over a terrorist’s encrypted iPhone. One of the questions discussed was if technology companies should be compelled to provide back doors to encryption, allowing the government unfettered access when warranted. Regardless of where you stand on the issue politically, it turns out Microsoft might have accidentally and quite embarrassingly, provide a perfect case of why a back door to encryption is a significantly flawed idea.
Microsoft’s Golden Key
The report of this case comes from The Register and it involves a cryptographic key Microsoft made to disable the Secure Boot process on Windows devices. The short of it is that devices like Windows powered phones and Surface RT tablets have Secure Boot always on so that only genuinely authenticated Microsoft operating systems can be booted up on those devices.
But as The Register explains, there are times when Microsoft engineers might want to quickly experiment with new builds of Windows that don’t have the necessary cryptographic keys. So Microsoft made it possible to get around Secure Boot on these devices with a “golden key” for the purposes of debugging and testing.
This past March, however, two researchers discovered that this golden key had escaped into the wild. To take the key analogy further, it turns out some retail devices shipped with the golden key still in the lock. Someone with one of these unlocked devices figured this out, and consequently, the “golden key” has since leaked onto the internet.
The “golden key” works on any devices that uses Windows boot manager. It allows users to install operating systems like Linux or Android on once closed devices such as Windows phones or the Surface RT. Technically this also affects Windows PCs and Servers. However, these systems are generally already unlocked.
Once Pandora’s box is open, it stays open
The Register also reports that at least one of original researchers believes it will be impossible for Microsoft to undo the effects of this leak. Microsoft is trying to fix the situation. In fact, one of the security bulletins we announced earlier today is meant to address this issue. The Register says at least one more bulletin is planned, but so far these fixes have just put more hurdles in the way to using the leaked key, but have not completely prevented its use.
The Register, as well as the researchers who discovered the flaw, go on to say that this is a strong example why the government should not have back door keys to unlock any and every encrypted device. It is too easy for these cryptographic keys to fall into anyone’s hands, and once these master keys do, it’s not something you can just walk back or fix with a patch. The Register also adds, given the government’s track record with incidents like the Office of Personnel Management hack, such back door keys wouldn’t be safe in their hands.
Microsoft’s golden key was leaked out of some glaring oversight. But imagine if there wasn’t just oversight issues to worry about, but also malicious actors actively trying to get their hands on these back door keys. The Register cites the words of one of the researchers which was directed at the FBI:
This is a perfect real world example about why your idea of backdooring cryptosystems with a ‘secure golden key’ is very bad. Smarter people than me have been telling this to you for so long. It seems you have your fingers in your ears. You seriously don’t understand still? Microsoft implemented a ‘secure golden key’ system. And the golden keys got released by Microsoft’s own stupidity. Now, what happens if you tell everyone to make a ‘secure golden key’ system?
The leak of Microsoft’s “golden key” is assuredly already a dreadful nightmare for the folks in Redmond Washington. But The Register’s point is Microsoft’s “golden key” blunder makes it very easy to imagine what if the government forced everyone into living this nightmare with every encrypted device on the market.