Microsoft has committed a major blunder, leaking the golden keys which allow anyone to bypass the Secure Boot protection present in Windows PCs, phones and tablets. The tech giant is now scrambling to solve the issue before malicious hackers get their hands on the keys and wreak havoc.
Microsoft’s slip-up was revealed in a damning report compiled together by security researchers MY123 and Slipstream. According to their findings, the company may never be able to get back from this mistake, though it has issued two patches to cover up the glaring error so far. A third one is expected to come out in September.
Getting to the root of the matter, Secure Boot basically ensures that every part of a device’s boot process is secured by checking if it is validated and signed by Microsoft. This makes sure no one can forcibly boot the system with any other OS. It further can’t be disabled by a user, guaranteeing a certain degree of safety.
However, Microsoft made an exception to this rule by coming up with a special Secure Boot policy which disables the system from going through with its checks. This was meant to benefit developers who want to test new operating systems without any hassles.
The aforementioned golden keys to bypass Secure Boot have now been leaked online, allowing anyone to install a malicious OS, bootkit or rootkit hidden under the disguise of an authentic OS. Slipstream has gone as far as to issue a statement to the FBI regarding the mess, pointing out that the issue is a perfect real world example of what happens when backdoors are created.
Apple and the FBI sparked a major controversy earlier this year when the latter asked the former to create a backdoor which would allow them access to a locked iPhone. The company refused to do so, citing security concerns. Microsoft’s blunder could now be held up as an example of why such exceptions should never be made.