Feeds

Bitlocker hack is easily prevented, Microsoft says

Restoring Vista disk crypto's good name

Providing a secure and efficient Helpdesk

A disk encryption system built into Windows Vista remains a viable way to protect sensitive files, according to Microsoft. In a blog posting, Russ Humphries, senior product manager for Windows Vista Security, outlined simple steps that users can take to prevent an attack laid out last week in a high-profile research report. He says the hack can be easily prevented.

The researchers demonstrated a novel way to access files that presumably were locked using Vista's BitLocker and similar disk encryption systems offered by competitors such as Apple. They showed it was possible to pilfer the encryption key needed to unlock the files by accessing a "ghost image" that remained in a computer's memory after the system entered hibernation mode. Ten minutes after machines were powered down, the researchers were still able to access the key by using compressed air to cool the memory chips.

According to Humphries, the hack is easily prevented. Users can configure BitLocker to prevent a PC from booting, or resuming from hibernation without confirmation of a password or a second key contained on a USB stick.

"The thing to keep in mind here is the old adage of balancing security, usability and risk," he wrote. "For example BitLocker provides several options that allow for a user (or more likely Administrator) to increase their security protections but at the cost of somewhat lowering ease-of-use."

He said BitLocker allows administrators to remotely change protection settings by having a script execute.

"Thanks to BitLocker's design, which implements key abstraction, a script can be executed that adds pre-boot protection mechanisms without requiring the re-encryption of the hard disk. This script can therefore execute very quickly.

Exotica

Humphries also worked to downplay the likelihood that an attack as exotic as this one would work in the trenches or real-world crime. Thieves would first have to get physical access to a machine and the machine would most likely need to be in sleep mode.

"I would posit that the opportunistic laptop thief is somewhat unlikely to carry a separate laptop on which they will have installed tools that allow them to reconstruct cryptographic keys - or for that matter have a can of compressed air handy."

The Bitlocker attack is a wake-up call for privacy and security buffs because it demonstrated a fundamental weakness in a key tool used to protect sensitive data. BitLocker, and a similar feature that Apple has baked into OS X called FileVault, allow users to encrypt selected files or entire hard drives. In the event a PC is lost or stolen, files containing trade secrets, employee data or other confidential information would be unreadable to anyone without the key.

According to the researchers, who came from Princeton University, Wind River System and the Electronic Frontier Foundation, there is little that can be done to prevent ghost images from being readily accessed. Software changes are likely to be ineffective, and altering the way hardware works inside a laptop would take years.

But as Humphries demonstrates, one or two additional measures could make all the difference. Question is, will anyone use them? ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
SMASH the Bash bug! Apple and Red Hat scramble for patch batches
'Applying multiple security updates is extremely difficult'
Shellshock: 'Larger scale attack' on its way, warn securo-bods
Not just web servers under threat - though TENS of THOUSANDS have been hit
Apple's new iPhone 6 vulnerable to last year's TouchID fingerprint hack
But unsophisticated thieves need not attempt this trick
Oracle SHELLSHOCKER - data titan lists unpatchables
Database kingpin lists 32 products that can't be patched (yet) as GNU fixes second vuln
Who.is does the Harlem Shake
Blame it on LOLing XSS terroristas
Researchers tell black hats: 'YOU'RE SOOO PREDICTABLE'
Want to register that domain? We're way ahead of you.
Stunned by Shellshock Bash bug? Patch all you can – or be punished
UK data watchdog rolls up its sleeves, polishes truncheon
prev story

Whitepapers

A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.