Microsoft Gives Vista Backdoor Keys To The Police

from the meaning-the-crooks-have-it-too dept

It's long been assumed that Microsoft has built in various "backdoors" for law enforcement to get around its own security, but now reader Kevin Stapp writes in to let us know that the company has also been literally handing out the keys to law enforcement. Apparently, they're giving out special USB keys that simply get around Microsoft's security, allowing the holder of the key to very quickly get forensic information (including internet surfing history), passwords and supposedly encrypted data off of a laptop. While you can understand why police like this, the very fact that the backdoor is there and that a bunch of these USB keys are out there pretty much guarantees that those with nefarious intent also have such keys. The second you build in such backdoors, no matter how noble the reason, you can rest assured that they will be used by criminals as well. No matter what, for those of you who didn't already know it, now you have more evidence as to why trusting Microsoft's "security" isn't such a good idea. Update: Some folks in the comments, and Ed Bott, claim that this post is a misreading of the original story. The USB key includes a bunch of standard tools, not access to a "backdoor." The confusion, on my part, was due to the original article claiming that the device "can decrypt passwords and analyze a computer's Internet activity, as well as data stored in the computer." In saying so, it appeared that the device must have access to a backdoor to decrypt the password -- but an update claims that it's merely "password security auditing technologies."

Filed Under: backdoor, security, vista
Companies: microsoft


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Old_Paranoid, 29 Apr 2008 @ 5:16pm

    Windows USB "Backdoor" NOT

    This is a very badly written summary.

    I have worked for Microsoft doing Windows security for a few years now, but the truth of the situation is clearly much different than reported.

    There is no Microsoft USB backdoor key to Windows. But both the USB bus and the 1394 (Firewire) bus were designed with inadequate attention to security. A compliant implementation of both can cause security issues for the OS supporting them. With Vista, Microsoft supports the ability to restrict the security vulnerabilities associated with the USB bus. This security policy significantly reduces the usability of consumer usage scenarios and is off by default (it can be set by Group Policy). The 1394 interface is insecure by default -- the cure for hostile 1394 devices is epoxy. For the more paranoid organizations, the cure for USB interface vulnerabilities is epoxy as well, requiring HW that supports PS2 plugs – as you never know if the USB device you are talking to is actually what it reports itself to be.

    Evidence gathered by the police is only useable if it meets very stringent standards of data gathering and clear control and possession. Hence, specialized forensic tools have to be used that do not alter data on the system. And it is important to gather evidence, typically a table of hashes, that allows the investigators to show that data / evidence was not altered if and when such evidence may be used at a trial. As such, having certified scripted data acquisition tools that create memory and disc images and associated hashes are invaluable. I am not familiar with this particular tool set, but it would appear that Microsoft has made such a tool set for the gathering of forensic evidence from systems. Other providers supply such tools as well.

    If the user has enabled bitlocker and EFS, configured them correctly, and the system is powered down (enough for transient charges and polarization of dielectrics to discharge), there is no technical attack against the system. There is a legal one – hold one or more parties who have knowledge of the key until they divulge it. Depending upon the perceived value of the data in question, governments have shown themselves to be quite persuasive. Attackers with physical access to a running system have more opportunities to compromise the system, and it does not matter what OS is running on it. A physically compromised system must be viewed as compromised; it is a question of time and resources to break it.

Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here



Subscribe to the Techdirt Daily newsletter




Comment Options:

  • Use markdown. Use plain text.
  • Remember name/email/url (set a cookie)

Follow Techdirt
Techdirt Gear
Shop Now: Techdirt Logo Gear
Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.