Main Area and Open Discussion > General Software Discussion

NSA Backdoor Exploit in Windows 8 Uncovered

(1/1)

Renegade:
Presented without comment so that other people can rant instead.  ;)

http://www.technobuffalo.com/2013/08/22/nsa-windows-8-exploit/

An internal document issued by IT experts working for the German federal government warned national agencies and companies not to use Windows 8. The reason? An alleged backdoor exploit has been discovered, and the details were obtained and published by German site Zeit Online. The leaked message suggests that the NSA likely has access to a hidden feature which apparently can’t be shut off and allows Microsoft to remotely control any computer running the software.

The Windows 8 feature under scrutiny by the German government is called Trusted Computing, a backdoor setting established ten years ago by a number of American tech giants including Microsoft, HP and IBM. Trusted Computing is supposed to protect computers from being manipulated by malicious third parties using viruses or other methods. The chip used to install Trusted Computing on Windows 8 computers allegedly offers Microsoft backdoor access, though the implication appears to be that the American company will extend that power to the U.S. government as well.

A second leaked report also notes that Windows 7 can “be safely operated until 2020,” implying that the German government may revert to the now-outdated operating system until the current security holes are plugged. However, in response to Zeit Online’s report, the Reichstag issued a statement partially denying claims it would downgrade its software.
--- End quote ---

mwb1100:
(Disclaimer: my reading and quoting of the ZEIT ONLINE article was done using Google Translate, since I cannot read German nearly well enough on my own)

If you read the original article on ZEIT ONLINE, it doesn't say that a backdoor has been discovered. In fact, the article is mostly about the Trusted Platform Module (TPM) standard, which has been around for a a while now.  The ZEIT ONLINE article is addressing an upcoming 2.0 version of TPM which apparently will not let users disable the TPM functionality (or something).

TPM is a mechanism where the computer will boot and run code only if it has been signed by some authority.

The article does say this about the NSA backdoor:

In light of the revelations [by] Snowden it takes little imagination accordingly, to be regarded by 8 TPM 2.0 and Windows as a back door for the NSA, just waiting to be opened.

--- End quote ---

In other words, they can well imagine that the TPM 2.0 standard could harbor an NSA backdoor.  But one hasn't been discovered yet.

While TPM may be undesirable to end users (though if administration of TPM keys is allowed to end users, it could be a benefit to them), the NSA backdoor is simply speculation - one has not been discovered. 

Not to mention, if MS were going to provide (or has provided, if you like) a backdoor for the NSA, they wouldn't necessarily need TPM to do it.

phitsc:
Your reading and interpretation of the translation is correct mwb1100.

Navigation

[0] Message Index