Researchers break into BitLocker
The attack is intended to counter the widely held belief that a Trusted Platform Module (TPM) device is a foolproof way of protecting sensitive data, Fraunhofer SIT researchers said on Thursday.
"Our attack demonstration does not imply a bug in BitLocker, nor does it render Trusted Computing useless," said Fraunhofer SIT researchers Jan Steffan and Jan Trukenmüller in a statement. "BitLocker still works as well as other disk-encryption products, it only fails to fulfil an unrealistic yet common expectation."
BitLocker Drive Encryption, found in Vista, Windows 7 and Server 2008 versions of Microsoft Windows, is designed to prevent a thief from viewing protected files by tampering with a lost or stolen PC. If there is a TPM on the computer, this can be used in the encryption and decryption process for extra protection.
Microsoft told ZDNet UK it was aware of the attack, but could not immediately comment.
For more on this story, including how the researchers did it, read "Researchers break into BitLocker" on ZDNet UK.
Talkback Most Recent of 11 Talkback(s)
Nothing is 100% secure....
For a system like Windows, this is a way of offering a similar level of security to that of Mac or Linux in spite of the limitations of the OS. Something which will hopefully win back some of their Server OS sales and provide a selling point for their laptops. Because people will generally want to use it when they can, it doesn't have to be 100%...just good enough to drive sales.
The only questions are: does it offer security at least comparable to what is currently offered by other platforms? To which the answer is, probably, yes; and would you quit Windows to get better security if you had to? ...To which the answer is, no.
If that is enough to make the sale, then it is good enough.
Socratesfoot, 7th Dec 2009
RE: Researchers break into BitLocker
This is a Microsoft product, what did you expect?
gertruded, 7th Dec 2009
This is a gertruded post
what did we expect?
John Zern, 7th Dec 2009
Not much, sometimes nothing at all
The sad part is that he didn't even read the article.
Loverock Davidson, 7th Dec 2009
It's the truth
Something M$ seems to have a problem with.
Wintel BSOD, 9th Dec 2009
Bitlocker still useful for what 99% of users expect
This attack involves installing malicious boot code to
snoop on the bitlocker password while faking a boot.
The attack will not be successful unless all of the
following holds true:
1) The attacker must gain physical access to the
machine without leaving traces which could make the
rightful user suspicious
2) The machine must allow boot from an alternate
device
3) The rightful user must then use the compromised
machine and enter the bitlocker password (which is
then recorded in a private section of the disk)
4) The attacker must then AGAIN gain access to the
machine. Now it can be stolen and the password (and
thus the data) can be retrieved.
honeymonster, 7th Dec 2009
All good points
And all lead to the conclusion that if my laptop is lost or stolen it is still well protected since #2 is disabled and if I ever get it back (unlikely as it will have been sold for crack money) the bad guys are not going to get a chance at #3 and #4 because it's going to be wiped and re-imaged before it ever sees our network again.
So it still seems like a reasonable level of protection to me. As long as the bad guys can't socially engineer my password, I should be fine.
cornpie, 7th Dec 2009
The same argument for Linux & Apple
As long as the bad guys can't socially engineer my password, I should be fine.
That specific point which you Wintel fanboys continue to gloss over.
Wintel BSOD, 9th Dec 2009
more of the same stupid crap from a linapple user...
That specific point which you Wintel fanboys continue to gloss over.
While you linux and crapple fanboys are also vulnerable to the exact same problem and gloss it over? You think this can't happen to you? Apple's keyboards have had a keylogger injected into them, Linux has the same flaws as far as social engineering. It's not OS specific, dumbass.
ariesghost, 9th Dec 2009
Touchy aren't we?
While you linux and crapple fanboys are also vulnerable to the exact
same problem and gloss it over?
The previous post said that Apple and Linux were in the same
position, and you accuse them of glossing over the sameness and then
resort to name calling and abuse.
What you missed was just the inconspicuous subject line: The same
argument for Linux & Apple
Are you that desperate? Or can you not read the large print once the
term Fanboy is mentioned about you? You thought that word was the
killer word to put down Mac users and now you're upset that it is used
on you?
It's not OS specific, dumbass. Is what the previous poster was
saying - but he didn't use the word dumbass like you did.
As far as I am aware the truth is that Apple's keyboards could
have a key logger injected, but show me where there are reports of
this actually happening in the wild.
I could go on forever about possible ways to steal data from any OS -
ultimately it's not what can be done theoretically, but what is
practically done.
Theoretically someone could be about to break down your door right
now. You got a secure steel door? They've theoretically got a shaped
charge. (Yep there are people trained to get into houses this way)
If my house can be robbed but isn't I'm secure. I'm certainly not going
to install roller shutters and screens on all the windows and cameras
on doors, just so I can get killed in my home like a previous
neighbour of mine did.
I will put in place what will actually stop the likely methods of break-
in though.
Social engineering has been breaking security since society began and
of course it's OS independent. It also allows people to steal your car,
rob you in your home etc. To link this to an Apple/Linux/Windows war
is really pretty lame even though I see it so much on the blogs.
richardw66, 9th Dec 2009
Poor baby
Hi dickweed. Had a bad 1st Tuesday of the month? Well I don't blame ya, what with Wintel damage control workin' overtime dealing with drive-by downloads and all that.
http://blogs.zdnet.com/security/?p=5096&tag=nl.e539
ConfickerII, anyone?
lol...
Wintel BSOD, 10th Dec 2009




