That Guy
7th December 2009, 23:27
Just wondering if anyone has read this and what they think:
Earlier this year a method to get access to date encrypted with the Open Source software True Crypt was published by security researchers which involved physical access to the protected computer system. Back then many commenters and so called security experts mentioned that this was one of the main differences to Microsoft’s Bitlocker encryption.
The last week however revealed that Bitlocker’s encryption after all was not as secure as everyone thought back then. Not one but two methods of attacking a Bitlocker encrypted system were revealed both even working if a Trusted Platform Module is available in the computer system.
The Fraunhofer institute discovered the first attack form which requires physical access to the computer system. It makes use of the fact that Bitlocker does carry out an integrity check of the system but not of the bootloader. The attack therefor replaces the bootloader that can record the user’s pin in unencrypted form. The system would then automatically reboot and replace the fake bootloader with the original one.
The second attack was reported by security company Passware who have added the ability to recover Bitlocker keys in a matter of minutes to their flagship product Passware Kit Forensic version 9.5. This second method requires physical access to the target computer system as well to get hold of a memory image of that computer system to run the recovery.
Both of these attacks and the methods that have been posted earlier that attacked True Crypt required physical access at some point. Two methods even required that the system is active or was active shortly before the attack for it to be successful.
Found on the Ghacks Website (http://www.ghacks.net/2009/12/07/bitlocker-encryption-not-100-secure-after-all/)
I know this is very unlikely to effect any of us but still made interesting reading!
Earlier this year a method to get access to date encrypted with the Open Source software True Crypt was published by security researchers which involved physical access to the protected computer system. Back then many commenters and so called security experts mentioned that this was one of the main differences to Microsoft’s Bitlocker encryption.
The last week however revealed that Bitlocker’s encryption after all was not as secure as everyone thought back then. Not one but two methods of attacking a Bitlocker encrypted system were revealed both even working if a Trusted Platform Module is available in the computer system.
The Fraunhofer institute discovered the first attack form which requires physical access to the computer system. It makes use of the fact that Bitlocker does carry out an integrity check of the system but not of the bootloader. The attack therefor replaces the bootloader that can record the user’s pin in unencrypted form. The system would then automatically reboot and replace the fake bootloader with the original one.
The second attack was reported by security company Passware who have added the ability to recover Bitlocker keys in a matter of minutes to their flagship product Passware Kit Forensic version 9.5. This second method requires physical access to the target computer system as well to get hold of a memory image of that computer system to run the recovery.
Both of these attacks and the methods that have been posted earlier that attacked True Crypt required physical access at some point. Two methods even required that the system is active or was active shortly before the attack for it to be successful.
Found on the Ghacks Website (http://www.ghacks.net/2009/12/07/bitlocker-encryption-not-100-secure-after-all/)
I know this is very unlikely to effect any of us but still made interesting reading!