Microsoft senior director Paul Cooke has rubbished claims that the software giant's hard drive encryption tool, BitLocker, has been "cracked".
Several reports over the last few weeks have highlighted weaknesses in BitLocker Drive Encryption (BDE), and some have claimed that commercial software can "crack" BitLocker. One report from Ars Technica incorrectly claims that a new tool released by software firm Passware "cracks" BitLocker. In a blog posting on Monday, Cooke rubbished this claim, stating "the tool 'recovers encryption keys for hard drives' which relies on the assumption that a physical image of memory is accessible, which is not the case if you follow BitLocker's best practices guidance."
Cooke goes on to explain that BitLocker is intended to help protect data at rest (e.g. when the machine is powered off). If a malicious user has physical access to a running system, it could be possible to make a copy of the computer's memory contents by using an administrative account on the machine, or through hardware-based methods such as direct memory access (DMA). The weakness is not specific to BitLocker; it affects any drive encryption software.
Another report, published by Fraunhofer SIT, discusses compromising BitLocker when the attacker has physical access to the machine multiple times. Cooke explains the method: "an attacker could spoof the pre-OS collection of the user's PIN, store this PIN for later retrieval, and then reboot into the authentic collection of the user's PIN. The attacker would then be required to gain physical access to the laptop for a second time in order to retrieve the user's PIN and complete the attack scheme." Cooke then states that these attacks pose a "relatively low risk" to users who implement BitLocker security in the real world. "These sorts of targeted threats are not new and are something we've addressed in the past," confirms Cooke.
If you are interested in learning more about protecting your machine with BitLocker or the new BitLocker To Go that protects portable USB drives then please see our Windows 7 overview of BitLocker To Go.