Researchers Break into BitLocker

ZDNet UK has an interesting post about security researchers from Fraunhofer SIT who have managed to bypass the BitLocker disk encryption technology in Windows 7, Vista, and Server 2008. According to the firm, there's nothing wrong with BitLocker per se; it's just that the encryption it uses isn't foolproof, even when a hardware-based TPM (Trusted Platform Module) is present on the PC.

The attack is intended to counter the widely held belief that a Trusted Platform Module (TPM) device is a foolproof way of protecting sensitive data, Fraunhofer SIT researchers said on Thursday.

"Our attack demonstration does not imply a bug in BitLocker, nor does it render Trusted Computing useless," said Fraunhofer SIT researchers Jan Steffan and Jan Trukenmüller in a statement. "BitLocker still works as well as other disk-encryption products, it only fails to fulfil an unrealistic yet common expectation."

"Many people seem to believe that Trusted Computing would automatically protect the system from all software-based attacks against the boot process, and in particular that using BitLocker with a TPM would achieve such protection," stated Steffan and Trukenmüller. "[But] a variety of hardware-based attacks against BitLocker... remain possible. We demonstrate how an attack based solely on tampering with the boot loader may still succeed and help the attacker to gain access to confidential data."

Fraunhofer SIT has published a research paper on the attack on its website.

Microsoft told ZDNet UK it was aware of the attack, but could not immediately comment.

Comments

 

 

Webdev511 said:

This again? I wonder what part of "Bit Locker is designed to provide at rest encryption." is supposed to protect against boot loader or hardware based attacks?

They should have just published a white paper that said "We beat Bit Locker via a vector that it wasn't designed to protect.", but that wouldn't get as much attention now would it?

December 7, 2009 6:39 PM
 

 

jctierney said:

This just shows that no security system can ultimately be secure enough.

I'll still use BitLocker for my day-to-day encryption needs, despite this.  More than likely, people that I come across won't know anything about encryption and will know even less on how to crack it.

December 7, 2009 8:19 PM
 

 

teemark said:

Unless this is different than the so-called "exploit" last wee, it requires local admin access to pull the encryption keys from active memory.  Bitlocker, or any other whole-disk encryption, is meant to protect data in an at-rest state.  It's like saying that you've figured out how to steal someone's car when they left it running with the keys in the ignition.  It's so much easier to make a ridiculous claim, then get the story picked up by half the internet than it is to point out the logical flaws in the story.

December 8, 2009 7:24 AM
 

gfryesc1 said:

So there's 'nothing wrong with BitLocker per se' even though it uses insecure encryption? So what's right with BitLocker, intuitive interface? That's great.

December 8, 2009 9:00 AM
 

mikegalos@msn.com said:

Webdev511 and teemark have it right.

In fact teemark's analogy doesn't even go far enough. The "exploit" they're claiming is more equivalent to leaving your convertible running with the keys in the ignition, the top and windows down, the alarm off and the doors unlocked and then wondering how thieves could have stolen your car since the trunk was locked.

There's more on the Windows blog at windowsteamblog.com/.../windows-bitlocker-claims.aspx

December 8, 2009 9:58 AM
 

teemark said:

....yeah, and I apparently can't spell w-e-e-k either.

December 8, 2009 1:26 PM
 

tayme said:

Just checking in to see if my request to Penton to delete my account was taken care of...obviously not. I'm glad to see that mikegalos is no longer employed at Microsoft and is able to be back here spewing his bitter untruths about everything...also glad that he approves of others' posts. I am sure that they are relieved to know that as well. I see that "lotsamystuff" and Waethorn are still having that man-love issue. They should just hook up and get it over with.

This blog has gone so far away from what it once was. That's too bad, too. Paul used to be a good source of info. Maybe I'll find one of those account sharing sites to post this user name and password for some troll to come and hover here...

--tayme

December 8, 2009 2:18 PM

About pthurrott

Paul Thurrott is the guy behind the SuperSite for Windows. Way behind. :)

© 2010 Penton Media, Inc.