AuthorTopic: Microsoft’s storage of Windows encryption keys could expose users to hackers, go  (Read 935 times)

Offline Palloy

  • Moderator
  • Sous Chef
  • *****
  • Posts: 3751
    • View Profile
Microsoft’s storage of Windows encryption keys could expose users to hackers, gov’t – report
29 Dec, 2015

When it comes to computer security, encryption is key. That’s because encrypted devices or data require a key only accessible to the owner, but many Microsoft users aren’t as protected as they think, and could be exposed to hackers and law enforcement.

Since Windows 8.1, “disk encryption” has been a built-in feature for smartphones and other devices. Though it is helpful against common thieves, its compulsory nature sends a backup copy of the recovery key to Microsoft when a user logs in through a Microsoft account. As soon as one double is created, it can lead to a slippery slope of vulnerability, inviting backdoor access to hackers or government agencies such as the Federal Bureau of Investigation.

There is no warning or opt-out option for Microsoft users, something eerily akin to the Clipper chip program pushed by the National Security Agency and the Clinton White House in the 1990’s, according to The Intercept, which first reported on the Windows vulnerability.

The Clipper chip was an encryption technology developed by the NSA for telecom companies, allowing for “key escrow,” or shared access between the government and the corporations to personal encrypted gadgets.

The NSA’s Clipper chip was defunct by 1996 thanks to advances in encryption technology. Today, options like PGP encryption exist for messaging, and there are free open-source tools like Signal which block out surveillance of phone calls.

After a Microsoft user logs in for the first time, which automatically sends a copy of their encryption key to the company, the key can be deleted. However, this tactic may only be useful if nefarious forces haven’t already accessed the machine or its accessories after a login, which is possible to accomplish in less time than it takes to delete the key.

“The gold standard in disk encryption is end-to-end encryption, where only you can unlock your disk. This is what most companies use, and it seems to work well,” Johns Hopkins University cryptography professor Matthew Green told The Intercept. “There are certainly cases where it’s helpful to have a backup of your key or password. In those cases you might opt in to have a company store that information. But handing your keys to a company like Microsoft fundamentally changes the security properties of a disk encryption system.”

“Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees,” Green added.
The State is a body of armed men

Online Eddie

  • Master Chef
  • *****
  • Posts: 19718
    • View Profile
I saw that one.
What makes the desert beautiful is that somewhere it hides a well.

Offline Palloy

  • Moderator
  • Sous Chef
  • *****
  • Posts: 3751
    • View Profile
Here is a solution to the problem from Hacker News.  If I read this correctly, it doesn't apply to the Home version of Windows 10. 

A better solution might be to encrypt all your data files with something else first, and then let the Microsoft encryption software do its own thing.  Veracrypt is a development of Truecrypt (which is no longer supported), free and open source, and actively maintained. 

The question of why Microsoft did this in such a sneaky way leads me to think that it was particularly to satisfy US "security" agencies, who otherwise wouldn't be able to read the files on any seized computer.  Security in this sense means security for the Government, and NOT for you.
Microsoft Keeps Backup of Your Encryption Key on its Server — Here's How to Delete it
December 28, 2015
Swati Khandelwal

Have you recently purchased a Windows computer?

Congratulations! As your new Windows computer has inbuilt disk encryption feature that is turned on by default in order to protect your data in case your device is lost or stolen.

Moreover, In case you lost your encryption keys then don't worry, Microsoft has a copy of your Recovery Key.

But Wait! If Microsoft already has your Disk Encryption Keys then what’s the use of using disk encryption feature? Doesn't Encryption mean Only you can unlock your disk?

Microsoft Probably Holds your Encryption Keys

Since the launch of Windows 8.1, Microsoft is offering disk encryption as a built-in feature for Windows laptops, Windows phones and other devices.

However, there is a little-known fact, highlighted by The Intercept, that if you have logged into Windows 10 using your Microsoft account, your system had automatically uploaded a copy of your recovery key to Microsoft’s servers secretly, and you can't prevent device encryption from sending your recovery key.

Note: Do not get confuse device encryption with BitLocker. Both works same but have different configuration options. BitLocker offers users a choice whether or not they want to backup their Recovery keys on Windows server.

Also Read: Mission '1 Billion' — Microsoft will Automatically Offer Windows 10 Upgrade

Why Should You Worry?

    If a hacker hacks your Microsoft account, he can make a copy of your recovery key before you delete it (method described below).
    Any Rogue employee at Microsoft with access to user data can access your recovery key.
    If Microsoft itself get hacked, the hacker can have their hands on your recovery key.
    Even Law Enforcement or Spy agencies could also request Microsoft to hand over your recovery key.

    "Your computer is now only as secure as that database of keys held by Microsoft, which means it may be vulnerable to hackers, foreign governments, and people who can extort Microsoft employees," said Matthew Green, a cryptography professor at Johns Hopkins University.

How to Delete your Recovery Key from your Microsoft Account?

Although there's no way to prevent a new Windows computer from uploading the recovery key at the very first time you log into your Microsoft account, you can delete the existing recovery key from your Microsoft account and generate a new one.

Also Read: Intel launches Hardware-based Self-Encrypting Solid State Drives

Follow these simple steps in order to remove your recovery key from your Microsoft account:

Step 1: Open this website and log in with your Microsoft Account

Step 2: You will find list of recovery keys backed up to your Microsoft Account

Step 3: Take a back of your recovery Keys locally

Step 4: Go ahead and delete your recovery key from Microsoft Account.

Important Fact: Green also pointed out that even after deleting the recovery key from your Microsoft account, there is no guarantee that the key has been removed from the company's server.

Instant Solution: To solve this issue, Windows users are recommended to stop using their old encryption keys and generate a new one without sharing it with Microsoft.

How to Generate a New Encryption key (Without Sending a copy to Microsoft)?

Sorry for Windows Home Edition users, but Windows Pro or Enterprise users can create new key by decrypting whole hard disk and then re-encrypt the disk, and this time in such a way that you will actually get asked how you want to backup your Recovery Key.

Step 1: Go to Start, type "Bitlocker," and click "Manage BitLocker."

Step 2: Click "Turn off BitLocker" and it will decrypt your disk.

Step 3: Once done, Click "Turn on BitLocker" again.

Step 4: Then Windows will ask you: How you want to backup your Recovery Key. Make sure to DO NOT SELECT "Save to your Microsoft Account." That's it.


Finally, the new Windows device you purchased specially for disk encryption feature has now enabled the feature, and Microsoft no longer can unlock it.
The State is a body of armed men


Related Topics

  Subject / Started by Replies Last post
5 Replies
Last post January 06, 2016, 11:09:57 PM
by K-Dog
1 Replies
Last post January 06, 2016, 01:19:25 PM
by Eddie
0 Replies
Last post November 01, 2016, 05:37:51 PM
by Palloy