Microsoft Secure Boot Key Leak Shows Why Backdoors Can’t Work

Wired:

Apple’s refusal to comply with a court order to help the FBI crack an iPhone highlighted the pressure tech companies face to include backdoors in their software. This “new crypto war” pits public safety concerns against the argument that backdoors and robust security are mutually exclusive. A seemingly innocuous Windows feature designed to protect users underscores that point.

Two hackers published evidence on Tuesday showing that attackers can exploit a feature called Secure Boot and install the type of malicious software the feature was created to protect against. “You can see the irony,” the researchers, known by the handles Slipstream and MY123, wrote.

Secure Boot, which first appeared in Windows 8, bars computers from loading malware by confirming that software coordinating the operating system launch is trusted and verified. This ensures a computer isn’t tricked by a malicious program that then assumes control. Microsoft included a workaround so developers could test their software without fully validating it. It was never meant for hackers or police, but it is a backdoor just the same. And the keys leaked online.

Hopefully this will kill the crazy idea that a backdoor past encryption is a good idea. If Microsoft can’t keep control of a key, who can?