Researchers Break into BitLocker

ZDNet UK has an interesting post about security researchers from Fraunhofer SIT who have managed to bypass the BitLocker disk encryption technology in Windows 7, Vista, and Server 2008. According to the firm, there's nothing wrong with BitLocker per se; it's just that the encryption it uses isn't foolproof, even when a hardware-based TPM (Trusted Platform Module) is present on the PC.

The attack is intended to counter the widely held belief that a Trusted Platform Module (TPM) device is a foolproof way of protecting sensitive data, Fraunhofer SIT researchers said on Thursday.

"Our attack demonstration does not imply a bug in BitLocker, nor does it render Trusted Computing useless," said Fraunhofer SIT researchers Jan Steffan and Jan Trukenmüller in a statement. "BitLocker still works as well as other disk-encryption products, it only fails to fulfil an unrealistic yet common expectation."

"Many people seem to believe that Trusted Computing would automatically protect the system from all software-based attacks against the boot process, and in particular that using BitLocker with a TPM would achieve such protection," stated Steffan and Trukenmüller. "[But] a variety of hardware-based attacks against BitLocker... remain possible. We demonstrate how an attack based solely on tampering with the boot loader may still succeed and help the attacker to gain access to confidential data."

Fraunhofer SIT has published a research paper on the attack on its website.

Microsoft told ZDNet UK it was aware of the attack, but could not immediately comment.

Discuss this Article 7

Webdev511
on Dec 7, 2009
This again? I wonder what part of "Bit Locker is designed to provide at rest encryption." is supposed to protect against boot loader or hardware based attacks? They should have just published a white paper that said "We beat Bit Locker via a vector that it wasn't designed to protect.", but that wouldn't get as much attention now would it?
jctierney
on Dec 7, 2009
This just shows that no security system can ultimately be secure enough. I'll still use BitLocker for my day-to-day encryption needs, despite this. More than likely, people that I come across won't know anything about encryption and will know even less on how to crack it.
teemark
on Dec 8, 2009
Unless this is different than the so-called "exploit" last wee, it requires local admin access to pull the encryption keys from active memory. Bitlocker, or any other whole-disk encryption, is meant to protect data in an at-rest state. It's like saying that you've figured out how to steal someone's car when they left it running with the keys in the ignition. It's so much easier to make a ridiculous claim, then get the story picked up by half the internet than it is to point out the logical flaws in the story.
gfryesc1
on Dec 8, 2009
so there's 'nothing wrong with bitlocker per se' even though it uses insecure encryption? So what's right with bitlocker, intuitive interface? that's great.
mikegalos@msn.com
on Dec 8, 2009
Webdev511 and teemark have it right. In fact teemark's analogy doesn't even go far enough. The "exploit" they're claiming is more equivalent to leaving your convertible running with the keys in the ignition, the top and windows down, the alarm off and the doors unlocked and then wondering how thieves could have stolen your car since the trunk was locked. There's more on the Windows blog at http://windowsteamblog.com/blogs/windowssecurity/archive/2009/12/07/wind...
teemark
on Dec 8, 2009
....yeah, and I apparently can't spell w-e-e-k either.
tayme
on Dec 8, 2009
Just checking in to see if my request to Penton to delete my account was taken care of...obviously not. I'm glad to see that mikegalos is no longer employed at Microsoft and is able to be back here spewing his bitter untruths about everything...also glad that he approves of others' posts. I am sure that they are relieved to know that as well. I see that "lotsamystuff" and Waethorn are still having that man-love issue. They should just hook up and get it over with. This blog has gone so far away from what it once was. That's too bad, too. Paul used to be a good source of info. Maybe I'll find one of those account sharing sites to post this user name and password for some troll to come and hover here... --tayme
