Built-in backdoor: German govt warns of significant Windows 8 security danger
Leaked documents from the German Federal Office for Information Security (BSI) indicate that the organization has become suspicious of Trusted Platform Module (TPM) technology built into an increasing number of Windows 8 PCs and tablets.
Documents uncovered and leaked by German news outlet Zeit Online
found that the German Ministry of Economic Affairs was displaying
significant unease with the combined technologies, suggesting the
possibility that a backdoor could be created for further covert
NSA surveillance operations.
The backdoor in question would allow Microsoft to control the computer remotely. “Trusted Computing,” a method developed and promoted by the Trusted Computing Group, is nothing new - fears were being aired over its capabilities and potential as early its founding in 1999.
TPM appeared in 2006 as security technology. However, version 2.0 would implant a chip on every single PC, allowing it to control which programs could and couldn’t be executed because under Windows 8, there is no override. The users thus basically surrender control over their computers.
One of the documents retrieved by Zeit Online found that BSI stated that “unconditional, complete confidence” in Trusted Computing by stipulations of TPM 2.0 was not possible. Trusted Computing cultivated specifications for how the chip would work with operating systems.
Another document from early 2012 mourned the fact that “due to the loss of full sovereignty over the information technology, the security objectives of ‘confidentiality’ and ‘integrity’ can no longer be guaranteed.”
While not fully clear on the specifics, the documents appear to indicate that the NSA had some form of representation at the TCG meetings – during which German officials were also present - saying that they were in favor of leaving the technology in its existing state, without any changes being necessary. This suggests that the NSA does not see TPM 2.0 as hindering its operations.
A Snowden leak from July this year showed how Microsoft worked hand-in-hand with the United States government in order to allow federal investigators to bypass encryption mechanisms meant to protect the privacy of millions.
Penton’s Windows IT Pro trade publication pointed out that Zeit Online “seem[ed] to be using a bit of imagination to connect the dots and maybe the German government has other ideas.”
In a press statement released late Wednesday, the BSI insisted that “From the perspective of the BSI, the use of Windows 8 in combination with a TPM 2.0 is accompanied by a loss of control over the operating system and the hardware used.”