Security
researchers MY123 and Slipstream revealed this week that Microsoft accidentally
leaked security keys that allow Windows-based computers, phones and tablets to
be unlocked and loaded with other operating systems, as well as malicious
software like rootkits.
While the
company has attempted to patch Windows to fix this, the researchers believe
that it’d be impossible for Microsoft to render the leaked keys useless.
It isn’t
clear just how much of a security risk this poses for users: It appears that
one would need to physically access the target device to use the key and
install other software on it.
However, it
shows exactly why governments and law enforcement agencies should stop asking
tech companies to build backdoors into their products and software, in the
hopes that they’ll be able to listen in on communications and catch criminals
in the act.
When you
create a backdoor, you have to lock it somehow. In Microsoft’s case the company
did so to allow for easier debugging. But now that the key is publicly
available, it can easily be misused by anyone who can get their hands on it.
It’s a
danger that governments don’t seem to understand. Remember the San Bernardino
shooter’s iPhone that the FBI wanted to unlock, and how it tried to get Apple
to create a backdoored version of iOS to assist with that case? What if that
version was somehow leaked publicly and became available to anyone who wanted
to hack iOS devices in their possession?
It’s not
just the US: The UK is inching closer to passing a law that would require
service providers to unlock encrypted customer data and correspondence at the
government’s request – and never admit to doing so.
Microsoft’s
bungle is an example of how things could go south when creating backdoors. One
can only hope that the debacle will help convince politicians and law
enforcement officials to stop asking for ways to endanger citizens’ security
and privacy.
Contact Spokes Technologies for website development, software development and professional training cum placements.
No comments:
Post a Comment