Microsoft downplays Windows BitLocker attack threat

Discussion in 'Windows News' started by whoosh, Dec 9, 2009.

  1. whoosh

    whoosh Cooler King
    Staff Member Premium Supporter

    Joined:
    Apr 15, 2009
    Messages:
    25,723
    Likes Received:
    381

    Computerworld - Microsoft dismissed recently-disclosed threats to its BitLocker disk-encryption technology as "relatively low risk," noting that attackers must not only have physical access to a targeted PC, but must manipulate the machine two separate times.
    The company's move was prompted by a paper published by five German researchers at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT), a Darmstadt, Germany-based security company. In the paper, the researchers spelled out multiple attack scenarios criminals could use to access files protected by BitLocker.
    BitLocker, which Microsoft debuted in higher-end versions of Windows Vista, is included only in Windows 7 Ultimate and Windows 7 Enterprise, available only to companies and organizations that buy Windows licenses in volume, as well as Windows Server 2008 and Server 2008 R2. The software encrypts disk volumes and locks them with a PIN, USB-based key device or, if the computer includes one, a Trusted Platform Module (TPM) chip.
    The Fraunhofer SIT researchers spelled out five attack possibilities, including one where the attacker boots the PC from a flash drive and replaces the BitLocker bootloader with a substitute bootloader that spoofs the PIN request process, then snatches the PIN and saves it to disk or sends it elsewhere using the computer's wireless connection. Later, the attacker must revisit the PC to use the purloined PIN to access the BitLocker-protected data.
    Microsoft scoffed at such scenarios.
    "This sort of targeted attack poses a relatively low risk to folks who use BitLocker in the real world," said Paul Cooke, a senior director at Microsoft who looks after the operating system's security features.
    In a post to the Windows Security blog, Cooke acknowledged that the Fraunhofer SIT researchers were right. "Even with BitLocker's multi-authentication configurations, an attacker could spoof the pre-OS collection of the user's PIN, store this PIN for later retrieval, and then reboot into the authentic collection of the user's PIN. The attacker would then be required to gain physical access to the laptop for a second time in order to retrieve the user's PIN and complete the attack scheme."
    Cooke downplayed the threat and argued that that research broke no new ground. "These sorts of targeted threats are not new and are something we've addressed in the past; in 2006 we discussed similar attacks, where we've been straightforward with customers and partners that BitLocker does not protect against these unlikely, targeted attacks."
    The Fraunhofer SIT five-some admitted that the attacks they outlined were essentially useless in what they called "opportunistic" attacks, which they defined as "easily obtained under common real-world conditions." Instead, the attack vectors they detailed required physical access to the targeted machine.
    They also noted that their attack scenarios didn't exploit an actual vulnerability in BitLocker. "Our attack demonstration does neither imply a bug in BitLocker, nor renders it Trusted Computing useless," said two of the researchers in an entry on the Fraunhofer SIT blog. "BitLocker still works as well as other disk encryption products, it only fails to fulfill an unrealistic, yet common, expectation."
    The pair also posted a video demonstrating the spoofed bootloader attack on the blog.
     
  2. reghakr

    reghakr Excellent Member

    Joined:
    Jan 26, 2009
    Messages:
    14,220
    Likes Received:
    180
    Hey, quit stealing my posts :D

    I posted this earlier in the Security Zone section.

    No worries though, more people get access to it.
     
  3. whoosh

    whoosh Cooler King
    Staff Member Premium Supporter

    Sorry, never got around to the Security Zone.
    That is a good point, will spread the news a tad. Thanks :)
     
  4. reghakr

    reghakr Excellent Member

    Sure enough, I don't mind since it's you, whoosh ;)
     
  5. whoosh

    whoosh Cooler King
    Staff Member Premium Supporter

    Well, that is really kind of you. Always a pleasure, and if I notice you have inadvertently posted something I have already posted, I will reciprocate the kindness :D
    Now that The Water Cooler is in a state of flux, had to spread me wings a tad to take up the air in the more rarefied heights of the forum. My treading water days may be numbered :eek: !!!
     
  6. reghakr

    reghakr Excellent Member

    I think I know what you mean and I'll stand up for you in any way possible.

    I think I'm on the list also.
     
  7. whoosh

    whoosh Cooler King
    Staff Member Premium Supporter

    Thanks reghakr :D
     
