In order to prove how safe Windows 11 is, Microsoft personally “hacked” its own computer

When Microsoft released Windows 10 in 2015, Microsoft developer Jerry Nixon once said that Windows 10 will be the last version of Windows. In the future, Microsoft will only add new features and fix vulnerabilities on the Windows 10 platform.

Before Windows 10, the version update cycle of Windows was basically maintained at about 3-4 years. It is rare for a version like Windows 10 that has not ushered in a major update after 6 years of operation.

Just when everyone thought that Microsoft had put an end to Windows, Microsoft suddenly announced the advent of Windows 11.

Regardless of whether Microsoft is slapped in the face of the past, Windows 11 still brings a lot of freshness to the old users who have been with Windows 10 for 6 years, and this upgrade is free, and many users have been after the official version is released. Plan to upgrade the experience.

However, some users with older computer hardware find that their computers do not meet the Windows 11 upgrade requirements.

What's more weird is that this is not because the computer's CPU performance is insufficient, or the hard disk or memory capacity is not enough, but because of a chip that has never been heard before-the TPM 2.0 security chip.

"What TPM chip, Intel's or AMD's?"

Because the security of the Windows system has always been criticized, Microsoft joined a number of PC manufacturers to promote the TPM security chip in 2011 to improve the defense of the Windows system. Since then, basically every computer will have a built-in TPM 1.2 chip when it leaves the factory.

To put it simply, TPM chips are specially used to process computer encryption keys, which can play a role in security authentication, key storage, etc. Compared with software security protection, the hardware-level protection provided by TPM is much more closed, so it is more difficult Invaded and tampered with by malicious software such as viruses.

▲ The new CPU has integrated TPM 2.0 chip

In 2016, TPM 2.0 chips began to be promoted, and many manufacturers have also kept up with the pace of updates. However, users at the time were basically not aware of this “minor details” upgrade until the launch of Windows 11.

Some users who are still using hardware in the TPM 1.2 era accused Microsoft of using the Windows 11 upgrade to push the TPM 2.0 chip. In fact, it is to stimulate old users to replace new hardware and accelerate the speed of hardware elimination.

Therefore, they have developed a lot of methods that can bypass the detection of the TPM chip and forcibly upgrade Windows 11. These methods are vividly called "smuggling."

Microsoft explained that the purpose of promoting TPM 2.0 chips is actually to deal with increasingly severe information security issues.

Microsoft’s security researchers have discovered that the use of hardware firmware vulnerabilities (CPU, memory, hard disk, etc.) to attack the system is increasing, and this malicious code is difficult to detect or remove. Once infected, users can only reinstall the system or Replace the hard drive.

These vulnerabilities not only threaten users’ information security, but also indirectly have a serious impact on the real world. For example, the ransomware that caused the world to panic about information security a few years ago paralyzed the computers of important institutions such as hospitals and gas stations. An irreparable loss.

In order to explain the importance of the TPM 2.0 chip more intuitively, Microsoft decided to personally become a "hacker", demonstrating how Windows 11 can resist when it is compromised.

Whether it is safe or not, you will know when you intrude

▲ Microsoft Chief "Inner Ghost"

Microsoft asked David Weston, the security director of Microsoft's enterprise and operating systems, to demonstrate the intrusion.

David has established a professional hacker team at Microsoft. His job is to find the security problems that threaten the system faster than hackers. Therefore, he can be said to be an expert in attacking Windows.

David first demonstrated the remote intrusion of a Windows 10 computer without TPM protection or safe boot, and then installed ransomware on the puppet machine to lock its hard disk.

The process of intrusion is very simple. David found an open RDP port and forcibly logged into this computer remotely.

The process of hacking its system password is also very rough, that is, retrieving all kinds of leaked passwords and trying to unlock them continuously, after a few minutes or days, it can be broken by brute force cracking.

Once the hacker successfully enters the system, the puppet machine basically loses control. The hacker can plant Trojan horses such as ransomware at will to change the boot file of the system. At this time, even if WinPE or WinRE is used to repair the hard disk, there is no guarantee that it can be completely restored. System partition.

To unlock important data, users have to pay high ransoms to hackers with cryptocurrencies such as Bitcoin.

How can Windows 11 protect these important files from "kidnapping"? David said that the solution is not complicated, and that is to use the built-in "safe boot mode."

In the safe mode of Windows 11, the system will check whether the code and key of the startup program are consistent with the information of the TPM chip during startup, and confirm whether it has been modified.

Then, according to the running healthy boot log, run with the correct boot file, and refuse the modification of the ransomware, so that you can log in to Windows normally and back up the file, thereby minimizing the loss of ransomware intrusion.

After demonstrating the remote control, David then demonstrated another face-to-face security cracking-using Gummy Bear to crack fingerprint recognition.

Since it is very difficult to forge an identical fingerprint, fingerprint recognition is very safe in most people's inherent impression.

It is indeed a difficult problem to forcibly break the security gate of fingerprint recognition, but it is possible to bypass it and directly enter the system.

David prepared a device called PCI leech, which can directly access the information in the computer's memory through the Thunderbolt interface. As long as the computer is patched with a "any information can be unlocked" patch, then the fingerprint information can be successfully bypassed and entered into the computer.

At this time, use any conductive object (finger, nose, gummy bear, etc.) to unlock the computer to access all private content.

This kind of memory-based attack is not uncommon, because many programs will temporarily store data in the memory when they are running, and the attacker will take advantage of this opportunity to modify the data.

If your computer falls into the hands of lawbreakers who understand the relevant technology, then the "confidential files" in your favorites are likely to be worse off.

But if you happen to use a TPM chip to prevent intrusion, then everything will be a different matter.

David then performed the same intrusion demonstration on a Windows 11 computer, and found that the fingerprint recognition still works correctly.

This is because the fingerprint identification information is no longer simply stored in the memory, but isolated, locked in an independent and secure virtual area, and each read requires the verification of the key.

The key is stored in the TPM chip isolated from the outside world, which greatly improves security.

David said that many security features in Windows 11 can also be used in Windows 10, but these features are only optional features in the previous version, and are now enabled by default in order to improve the security performance of Windows 11.

Therefore, regardless of whether you plan to upgrade from Windows 10 to Windows 11, Microsoft recommends that you check your TPM version and enable it in the BIOS.

It's time to pay attention to the security chip

In addition to system-level security protection, there are many protection measures for the TPM 2.0 chip. The most common one should be Bitlocker, which was added from the Windows Vista period.

For enterprise users, Bitlocker-driven encryption has become indispensable. Bitlocker is a full-volume encryption technology. In simple terms, it can give your hard disk a lock. Even if the hard disk is stolen, the thief cannot read information from it.

The key to protecting information is the TPM 2.0 chip. When you encrypt your disk, part of the encrypted key will be stored in the TPM chip of the motherboard.

This will not only provide more secure encryption protection, but also when your hard disk unfortunately falls into the hands of others, it will also be unusable because of the lack of the key on the TPM chip, providing strong offline protection.

At the moment when digital currency and virtual assets are popular, many "digital tycoons" worth hundreds of thousands of dollars in NFT assets and digital wallet keys may be stored in the computer hard disk. Once lost, the consequences would be disastrous.

Therefore, it is also necessary for individual users to use hardware-level encryption technologies like Bitlocker to protect their important data.

In addition to data security, TPM chips also have some unexpected uses, such as anti-cheating in games.

In recent years, we have witnessed the sudden explosion of many phenomenon-level games, such as "PUBG Mobile", "APEX", "Jelly Bean", etc. The reasons for their explosions are different, but the reasons for "cooling off" are mostly the same-plug-in Too much.

The struggle between game developers and cheaters has never stopped since the day the game was born. Now, some developers have decided to use more stringent methods to deal with cheaters, including the "League of Legends" developer fist game.

Vanguard, the anti-cheating system of the new game "Fearless Contract", will detect whether Windows 11 players have enabled TPM 2.0. If it is not enabled, they will not be able to enter the game.

According to analysis by security experts, Riot Games intends to use the TPM 2.0 chip to confirm the hardware information of the cheaters and permanently ban the device.

The measures of "Fearless Contract" are radical and bold, which may inspire other online game companies to use physical bans to increase the cost of cheaters, but at the same time, there are also people who such stricter supervision is a further violation of personal privacy. .

However, driven by Windows 11, there may be more and more games or applications like "Fearless Contract" that need to call the TPM 2.0 chip. At that time, higher standards of information security protection requirements may become new reasons for people to replace equipment.

Stop talking nonsense.

#Welcome to follow Aifaner's official WeChat account: Aifaner (WeChat ID: ifanr), more exciting content will be provided to you as soon as possible.

Ai Faner | Original link · View comments · Sina Weibo