Microsoft has accidentally revealed Backdoor in Windows 10
Mini Bytes: Its surprising that Microsoft has planted Backdoor in Windows 10 and this was confirmed by the security researchers. Two researchers are reason for this information that leaked to the world by accidentally leaking their golden keys to the UEFI boot manager.
After reading this title of this post, could you believe Microsoft has installed a backdoor in windows 10. Yes it happed by the researcher in March 2016 by Slipstream and MY123, who revealed the golden key signatures for the UEFI secure boot.
Windows Anniversary Update was released a couple of day ago and revealing the UEFI secure boot keys raises the risk of all the system which was updated to the latest version of the Windows 10. This secure boot keys are created specifically for the Microsoft developers to login in to the UEFI secure boot.
Uses of UEFI Golden Keys:
Microsoft has blocked the installation of secondary Linux operating system in windows 10 by locking down the UEFI boot manager with this secure boot keys. But with the help of the golden keys, we can easily unlock the secure UEFI boot manager and we can install the Linux operating system.
The revealed golden keys gives you permission to unlock the windows boot manager, so this creates a risk to all the windows 10 users worldwide. Regarding this Microsoft has released a security patch MS16-094 after knowing that these keys were released unexpectedly.
Later Microsoft released the Second security patch MS16-100 to completely close this issue. But users who didn’t install this update can use this golden key to unlock their boot manager and can install Linux operating system and do dual boot.
As per The Register, you can install the Windows Production PCA 2011 key to unlock the windows boot manager. This can be done in the PC which was using the windows boot manager.
Golden Keys acting as backdoor for Security Agencies and FBI:
Because of Microsoft’s carelessness, these keys are released and this makes the security agencies and the FBI to know how to make use of this vulnerability. Since they came to know the technology that was used to lock down the UEFi boot, which is not secure using cryptographic method, all the users became vulnerable to this known issue.
If the users want to be safe from these known issue, then they need to update their PC to the latest version of the windows updates. Other than that, this portion of the keys will become a tip to the coders and they will start writing codes that will break the UEFI boot manager.
Still this day, nobody breached the windows boot manager, but releasing this golden keys will break this history and soon we can find the windows backdoor using this exploit.
Apple has recently fights with the FBI to prove that their Mac operating system is secure and FBI also paid huge amount to researchers to break the iPhone encryption. Hackers around the world are creating and finding new exploits and vulnerability.
Seeing all these kind of acts, tells that we are not secure still and yet we need to improve our security to safe guard our privacy in the future.