APPLE’S REFUSAL TO comply with a court order to help the FBI crack an iPhone highlighted the pressure tech companies face to include backdoors in their software. This “new crypto war” pits public safety concerns against the argument that backdoors and robust security are mutually exclusive. A seemingly innocuous Windows feature designed to protect users underscores that point.
Two hackers published evidence on Tuesday showing that attackers can exploit a feature called Secure Boot and install the type of malicious software the feature was created to protect against. “You can see the irony,” the researchers, known by the handles Slipstream and MY123, wrote.
Secure Boot, which first appeared in Windows 8 , bars computers from loading malware by confirming that software coordinating the operating system launch is trusted and verified. This ensures a computer isn’t tricked by a malicious program that then assumes control. Microsoft included a workaround so developers could test their software without fully validating it. It was never meant for hackers or police, but it is a backdoor just the same. And the keys leaked online.
Secure Boot runs by default on PCs, but users can disable it. It also runs on devices that use Windows RT and Windows Phone, and can’t be shut off. Microsoft released a patch inJuly and another this week. In a statement, the company said, “The jailbreak technique described in the researchers’ report on August 10 does not apply to desktop or enterprise PC systems. It requires physical access and administrator rights to ARM and RT devices and does not compromise encryption protections.” Basically this means that the exploit mainly places tablets and Windows Phones at risk, because most people using Windows servers and business PCs disable Secure Boot. Furthermore, an attacker needs deep access to individual mobile units to exploit the vulnerability.
Nonetheless, the patches appear to simply make the backdoor harder to exploit. The company’s approach to solving this problem is to blacklist affected boot managers, but Slipstream and MY123 argue that isn’t feasible. “It’d be impossible in practice for MS to revoke every bootmgr earlier than a certain point, as they’d break install media, recovery partitions, backups, etc.,” they write. In other words, they’re saying this problem can’t be entirely fixed, because it is embedded in too many fundamental systems. Resolving it leads to other problems.
The vulnerability underscores the futility of using backdoors for any purpose, no matter how well intentioned. Microsoft probably didn’t intend for the Secure Boot workaround to be anything more than a helpful tool, but created an opening for hackers and criminals, proving that even “helpful” backdoors make a system fundamentally insecure.
Not everyone accepts this. In 2014 and 2015, the Washington Post called for a “secure golden key” model in which companies install secret backdoors in devices, software, and encryption systems. That would allow law enforcement, with a warrant, to access them. Others have made similar suggestions, leading technologists and cryptographersto deem such proposals, in the words of Keybase co-creator Chris Coyne, “nonsense” and “highly dangerous.”
The Secure Boot vulnerability only proves the point. “I don’t want to diminish any security concerns, but the bigger reason to talk about this is the symbolic issue,” says Jeremy Gillulao of the Electronic Frontier Foundation. “Trying to make a secure backdoor is a contradiction in terms.”