
Thread: Windows BitLocker under attack!

  1. #1
    HappyAndyK's Avatar
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,572

    Windows BitLocker under attack!

    Fraunhofer SIT has presented a method for discovering the BitLocker drive encryption PIN under Windows. The method even works where TPM is used to protect the boot process.

    The trick? An attacker with access to the target computer simply boots from a USB flash drive and replaces the BitLocker bootloader with a substitute bootloader which mimics the BitLocker PIN query process but saves the PINs entered by the user to disk in unencrypted form.



    Attack on Windows BitLocker - The H Security: News and Features

  2. #2
    leofelix is offline Member
    Join Date
    Oct 2008
    Location
    Italy
    Posts
    1,668


    OMG, I suppose other new rootkits are in the wild.

    Once the substitute bootloader has saved the victim's PIN to the hard drive, it rewrites the original bootloader to the MBR and restarts the system.

  3. #3
    seti is offline Member
    Join Date
    Nov 2008
    Posts
    1,923

    Thanks for the information, Andy. It just proves how we all need to be aware of things and make sure that our security is always updated, and that we scan regularly and back up frequently as well. As much as we might not like it, we are in a war zone with things and we need to keep prepared.

  4. #4
    MrMBerman's Avatar
    MrMBerman is offline Senior Member
    Join Date
    Mar 2009
    Location
    Tel Aviv / London / Bukidnon
    Posts
    340


    A Microsoft spokesperson added:

    The claims being made by Passware that they are able "to break Microsoft BitLocker hard drive encryption" must be taken in context of the needs of data recovery and forensics tools. The Passware Kit Forensic product, like others used legitimately for digital forensics analysis, requires "a physical memory image file of the target computer and extracts all the encryption keys for a BitLocker disk." We have always been up front in our discussions of Windows BitLocker and that it is intended to help protect data at rest (e.g. when the machine is powered off). If a forensics analyst or thief/adversary has physical access to a running system, it is possible to take advantage of the fact that the contents that are in a computer's memory are accessible through users with administrative privilege and/or specific direct memory access hardware methods (if available).

    BitLocker is an effective solution to help safeguard personal and private data on mobile PCs and provides a number of protection options that meet different end-user needs. Like most full volume encryption products on the market, BitLocker utilizes a key in memory when the system is running in order to encrypt/decrypt data on the fly for the drives in use. We recognize users want advice with regards to BitLocker and have published best practice guidance in The Data Encryption Toolkit for Mobile PCs. In the toolkit, we discuss the balance of security and usability and detail that the most secure method to use BitLocker is hibernate mode and with multi-factor authentication. Using this method, a machine that is powered off or in hibernate mode would protect users from the ability to extract a physical memory image of the computer.

    btw. The Passware Kit Forensic product costs $795.00.

    Nothing is safe, Nothing is sacred.

  5. #5
    roraniel's Avatar
    roraniel is offline Gold Member
    Join Date
    Oct 2008
    Location
    Pinehurst, NC
    Posts
    860

    It never fails to amaze me how people make it a competition to see how fast they can break a new security feature.

  6. #6
    nitinagarwal1988's Avatar
    nitinagarwal1988 is offline Microsoft MVP
    Join Date
    Jan 2009
    Location
    Pilani, India
    Posts
    1,570

    Originally posted by roraniel:
    It never fails to amaze me how people make it a competition to see how fast they can break a new security feature.

    In some respects it is quite good... so the security system developers build more and more efficient and secure systems.

    Windows BitLocker was introduced almost 4 years ago, and until now this is the first case of breaking the BitLocker encryption system... and I think Microsoft will surely come up with a solution in the coming service packs of Windows 7, or maybe of Vista also.

  7. #7
    HappyAndyK's Avatar
    HappyAndyK is offline Site Administrator
    Join Date
    Jun 2008
    Posts
    7,572

  8. #8
    Cithel is offline Senior Member
    Join Date
    Nov 2009
    Location
    Omaha, Nebraska USA
    Posts
    168

    While I'm not paranoid (really), there are some very smart people working all over the world in law enforcement agencies and they probably perceive the need for the ability to bypass encryption. The question becomes: who can get their hands on the software to do this? Hopefully it's not something that just anyone can whip out a credit card and buy.

    It would surprise me greatly if the US government doesn't have something like this for most encryption systems. It's not like the National Security Agency (for one) is dumb about this sort of thing.

  9. #9
    bandicoat is offline Beginner
    Join Date
    Dec 2009
    Posts
    24

    Originally posted by HappyAndyK:
    Fraunhofer SIT has presented a method for discovering the BitLocker drive encryption PIN under Windows.

    Works even with TPM module, scary!
    It seems that it is true again: when someone gets physical access to a machine, it is doomed.
    The only solution seems to be no-frills file-level encryption... but it solves only the storing and distribution part of the problem: you still need a secure environment to create & modify the file, and to secure any temporary tracks of the clear file from disk.
