German agency warns Windows 8 PCs vulnerable to cyber threats
By Harro Ten Wolde
A German government technology agency has warned that new security technology in computers running Microsoft’s Windows 8 operating system may actually make PCs more vulnerable to cyber threats, including sabotage.
Germany’s Federal Office for Information Security, or BSI, said in a statement posted on its website on Wednesday that federal government agencies and critical infrastructure operators should pay particular attention to the risk.
The warning comes after weeks of public indignation in Germany over leaks related to U.S. surveillance programs. The spying scandal has become a headache for Chancellor Angela Merkel ahead of a Sept. 22 election.
The problem, according to the BSI, is with the use of a computer chip known as the Trusted Platform Module, or TPM 2.0, which is built into Windows 8 computers. TPM 2.0 is designed to better protect PCs by interacting with a variety of security applications.
But the BSI, which provides advice on technology and security to the government as well as the public, said the joint implementation of Windows 8 and TPM 2.0 chips could lead to “a loss of control” over both the operating system and hardware, without specifying exactly how that could occur.
“As a result, new risks occur for users, especially for federal and critical infrastructure,” it said.
The statement concluded: “The new mechanisms in use can also be used for sabotage by third parties. These risks need to be addressed.”
Microsoft declined comment on the BSI statement.
The company provided Reuters with a statement saying that PC makers have the option to turn off TPM technology, so that customers can buy PCs with it disabled.
TPM was developed by the Trusted Computing Group, a non-profit organization backed by technology firms including IBM , Intel, Hewlett-Packard and Microsoft.
The BSI said it was working with the Trusted Computing Group and operating systems producers to find a solution.
A spokeswoman for that group declined to comment on the specific claims raised by the BSI. She said the group has provided PC makers and users with plenty of advice on best security practices to avoid any threats that they may face.