Microsoft has accidentally leaked secret keys that will allow the hackers to unlock devices which are protected by UEFI (Unified Extensible Firmware Interface). Your device can be protected by secure boots from few types of malware. But what if there is already a gaping hole in Microsoft’s security system?
What if your device is not safe even after all the privacy the system provides. Something like this is now troubling Microsoft’s security issues. And not only that by this bug the user may get malware into the device with the help of boot. Secure boot is a very important feature and it is very useful for the protection of your device from things like malware. But if it is not available with proper security then the system will become the victim of malware, Such as rootkit, With that your system’s bootloader can be hijacked.
Secure boot has other features like the restriction of running any other operating system other than Microsoft on your device. Which is very helpful for the user because the hacker cannot use Linux or any other penetrating tests operating systems to get into your PC. Also when the secure boot mode is enabled then you can only boot approved Microsoft’s (cryptographically signature checking) operating systems.
But now after the disclosure of the secret keys by two security researchers you can install operating systems other than windows on your machine like Linux or android with the help of alias MY123 and Slipstream.
It is being said that the leak of the secret keys cannot be hidden now and nearly impossible for Microsoft. The Register writes “Now that golden policy has leaked onto the internet. It is signed by Microsoft’s Windows Production PCA 2011 key.
If you provision this onto your device or computer as an active policy, you’ll disable Secure Boot. The policy is universal. It is not tied to any particular architecture or device. It works on x86 and ARM, On anything that uses the Windows boot manager”. And with this being said you get the idea what are the possibilities.
Let me tell you what possibilities are there for others like FBI agents and the developers to get into the system by using it as a backdoor. Now FBI can exploit the security for collecting the information of the persons who are involved in cases.