Feeds

Bitlocker hack is easily prevented, Microsoft says

Restoring Vista disk crypto's good name

Internet Security Threat Report 2014

A disk encryption system built into Windows Vista remains a viable way to protect sensitive files, according to Microsoft. In a blog posting, Russ Humphries, senior product manager for Windows Vista Security, outlined simple steps that users can take to prevent an attack laid out last week in a high-profile research report. He says the hack can be easily prevented.

The researchers demonstrated a novel way to access files that presumably were locked using Vista's BitLocker and similar disk encryption systems offered by competitors such as Apple. They showed it was possible to pilfer the encryption key needed to unlock the files by accessing a "ghost image" that remained in a computer's memory after the system entered hibernation mode. Ten minutes after machines were powered down, the researchers were still able to access the key by using compressed air to cool the memory chips.

According to Humphries, the hack is easily prevented. Users can configure BitLocker to prevent a PC from booting, or resuming from hibernation without confirmation of a password or a second key contained on a USB stick.

"The thing to keep in mind here is the old adage of balancing security, usability and risk," he wrote. "For example BitLocker provides several options that allow for a user (or more likely Administrator) to increase their security protections but at the cost of somewhat lowering ease-of-use."

He said BitLocker allows administrators to remotely change protection settings by having a script execute.

"Thanks to BitLocker's design, which implements key abstraction, a script can be executed that adds pre-boot protection mechanisms without requiring the re-encryption of the hard disk. This script can therefore execute very quickly.

Exotica

Humphries also worked to downplay the likelihood that an attack as exotic as this one would work in the trenches or real-world crime. Thieves would first have to get physical access to a machine and the machine would most likely need to be in sleep mode.

"I would posit that the opportunistic laptop thief is somewhat unlikely to carry a separate laptop on which they will have installed tools that allow them to reconstruct cryptographic keys - or for that matter have a can of compressed air handy."

The Bitlocker attack is a wake-up call for privacy and security buffs because it demonstrated a fundamental weakness in a key tool used to protect sensitive data. BitLocker, and a similar feature that Apple has baked into OS X called FileVault, allow users to encrypt selected files or entire hard drives. In the event a PC is lost or stolen, files containing trade secrets, employee data or other confidential information would be unreadable to anyone without the key.

According to the researchers, who came from Princeton University, Wind River System and the Electronic Frontier Foundation, there is little that can be done to prevent ghost images from being readily accessed. Software changes are likely to be ineffective, and altering the way hardware works inside a laptop would take years.

But as Humphries demonstrates, one or two additional measures could make all the difference. Question is, will anyone use them? ®

Remote control for virtualized desktops

More from The Register

next story
UK smart meters arrive in 2020. Hackers have ALREADY found a flaw
Energy summit bods warned of free energy bonanza
DRUPAL-OPCALYPSE! Devs say best assume your CMS is owned
SQLi hole was hit hard, fast, and before most admins knew it needed patching
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Mozilla releases geolocating WiFi sniffer for Android
As if the civilians who never change access point passwords will ever opt out of this one
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
Internet Security Threat Report 2014
An overview and analysis of the year in global threat activity: identify, analyze, and provide commentary on emerging trends in the dynamic threat landscape.