Microsoft has accidentally leaked secret keys that will
allow the hackers to unlock devices which are protected by UEFI (Unified
Extensible Firmware Interface). Your device can be protected by secure boots
from few types of malware. But what if there is already a gaping hole in
Microsoft’s security system?
What if your device is not safe even after all the privacy
the system provides. Something like this is now troubling Microsoft’s security
issues. And not only that by this bug the user may get malware into the device
with the help of boot. Secure boot is a very important feature and it is very
useful for the protection of your device from things like malware. But if it is
not available with proper security then the system will become the victim of
malware, Such as rootkit, With that your system’s bootloader can be hijacked.
Secure boot has other features like the restriction of
running any other operating system other than Microsoft on your device. Which
is very helpful for the user because the hacker cannot use Linux or any other
penetrating tests operating systems to get into your PC. Also when the secure
boot mode is enabled then you can only boot approved Microsoft’s
(cryptographically signature checking) operating systems.
But now after the disclosure of the secret keys by two
security researchers you can install operating systems other than windows on
your machine like Linux or android with the help of alias MY123 and Slipstream.
It is being said that the leak of the secret keys cannot be
hidden now and nearly impossible for Microsoft. The Register writes “Now that
golden policy has leaked onto the internet. It is signed by Microsoft’s Windows
Production PCA 2011 key.
If you provision this onto your device or computer as an
active policy, you’ll disable Secure Boot. The policy is universal. It is not
tied to any particular architecture or device. It works on x86 and ARM, On
anything that uses the Windows boot manager”. And with this being said you get
the idea what are the possibilities.
Let me tell you what possibilities are there for others like
FBI agents and the developers to get into the system by using it as a backdoor.
Now FBI can exploit the security for collecting the information of the persons
who are involved in cases.