Feeds

Bitlocker hack is easily prevented, Microsoft says

Restoring Vista disk crypto's good name

Beginner's guide to SSL certificates

A disk encryption system built into Windows Vista remains a viable way to protect sensitive files, according to Microsoft. In a blog posting, Russ Humphries, senior product manager for Windows Vista Security, outlined simple steps that users can take to prevent an attack laid out last week in a high-profile research report. He says the hack can be easily prevented.

The researchers demonstrated a novel way to access files that presumably were locked using Vista's BitLocker and similar disk encryption systems offered by competitors such as Apple. They showed it was possible to pilfer the encryption key needed to unlock the files by accessing a "ghost image" that remained in a computer's memory after the system entered hibernation mode. Ten minutes after machines were powered down, the researchers were still able to access the key by using compressed air to cool the memory chips.

According to Humphries, the hack is easily prevented. Users can configure BitLocker to prevent a PC from booting, or resuming from hibernation without confirmation of a password or a second key contained on a USB stick.

"The thing to keep in mind here is the old adage of balancing security, usability and risk," he wrote. "For example BitLocker provides several options that allow for a user (or more likely Administrator) to increase their security protections but at the cost of somewhat lowering ease-of-use."

He said BitLocker allows administrators to remotely change protection settings by having a script execute.

"Thanks to BitLocker's design, which implements key abstraction, a script can be executed that adds pre-boot protection mechanisms without requiring the re-encryption of the hard disk. This script can therefore execute very quickly.

Exotica

Humphries also worked to downplay the likelihood that an attack as exotic as this one would work in the trenches or real-world crime. Thieves would first have to get physical access to a machine and the machine would most likely need to be in sleep mode.

"I would posit that the opportunistic laptop thief is somewhat unlikely to carry a separate laptop on which they will have installed tools that allow them to reconstruct cryptographic keys - or for that matter have a can of compressed air handy."

The Bitlocker attack is a wake-up call for privacy and security buffs because it demonstrated a fundamental weakness in a key tool used to protect sensitive data. BitLocker, and a similar feature that Apple has baked into OS X called FileVault, allow users to encrypt selected files or entire hard drives. In the event a PC is lost or stolen, files containing trade secrets, employee data or other confidential information would be unreadable to anyone without the key.

According to the researchers, who came from Princeton University, Wind River System and the Electronic Frontier Foundation, there is little that can be done to prevent ghost images from being readily accessed. Software changes are likely to be ineffective, and altering the way hardware works inside a laptop would take years.

But as Humphries demonstrates, one or two additional measures could make all the difference. Question is, will anyone use them? ®

Beginner's guide to SSL certificates

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Choosing cloud Backup services
Demystify how you can address your data protection needs in your small- to medium-sized business and select the best online backup service to meet your needs.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Choosing a cloud hosting partner with confidence
Download Choosing a Cloud Hosting Provider with Confidence to learn more about cloud computing - the new opportunities and new security challenges.
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.