Windows BitLocker Claims


Windows 7 is seeing success in the marketplace which I am very happy about from a security perspective. The Microsoft Security Intelligence Report has shown us again and again that the more up-to-date a PC is, the less likely it is to be infected by malware and other potentially dangerous software. So Windows 7 making strides is helpful to the ecosystem overall from a security standpoint. Success comes at a price though, through greater scrutiny and misinterpretation of some of the technologies. One of those technologies is BitLocker.

I've seen numerous claims the past few weeks about weaknesses in BitLocker, and even claims of commercial software that "breaks" BitLocker. One claim is from a product that "allows bypassing BitLocker encryption for seized computers." This claim is for a forensics product and has legitimate uses; however, to say it "breaks" BitLocker is a bit of a misnomer. The tool "recovers encryption keys for hard drives," which relies on the assumption that a physical image of memory is accessible, which is not the case if you follow BitLocker's best practices guidance. The product, like others used legitimately for data recovery and digital forensics analysis, requires "a physical memory image file of the target computer" to extract the encryption keys for a BitLocker disk. We have always communicated that Windows BitLocker is intended to help protect data at rest (e.g. when the machine is powered off). If a forensics analyst or thief/adversary has physical access to a running system, it may be possible to make a copy of the computer's memory contents by using an administrative account on the system, or potentially through hardware-based methods such as direct memory access (DMA).

Another report discusses targeted attack vectors where the attacker must gain physical access to the computer, multiple times I might add. This research is similar to other published attacks where the owner leaves a computer unattended in a hotel room and anyone with access to the room could tamper with this computer. This sort of targeted attack poses a relatively low risk to folks who use BitLocker in the real world. Even with BitLocker's multi-authentication configurations, an attacker could spoof the pre-OS collection of the user's PIN, store this PIN for later retrieval, and then reboot into the authentic collection of the user's PIN. The attacker would then be required to gain physical access to the laptop for a second time in order to retrieve the user's PIN and complete the attack scheme. These sorts of targeted threats are not new and are something we've addressed in the past; in 2006 we discussed similar attacks, where we've been straightforward with customers and partners that BitLocker does not protect against these unlikely, targeted attacks.

Our customers are confronted with a wide spectrum of data security threats that are specific to their environment, and we work hard to provide capabilities and information to help the customer achieve the right balance of security, manageability, and ease-of-use for their specific circumstances. BitLocker is an effective solution to help safeguard personal and private data on mobile PCs and provides a number of protection options that meet different end-user needs. Like most full volume encryption products on the market, BitLocker keeps a key in memory while the system is running in order to encrypt/decrypt data on the fly for the drives in use. Also like other encryption products, a determined adversary has significant advantages when they have physical access to a computer.

We recognize users want advice with regards to BitLocker and have published best practice guidance in The Data Encryption Toolkit for Mobile PCs. In the toolkit, we discuss the balance of security and usability and detail that the most secure method is to use BitLocker with hibernate mode and a TPM+PIN configuration. Using this method, a machine that is powered off or hibernated protects users against extraction of a physical memory image of the computer.
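The following is an added example, not code from the post or from the Data Encryption Toolkit, showing how an administrator could enforce and audit the posture recommended above (TPM+PIN at startup, hibernate rather than sleep) so that no key-bearing memory image exists while a laptop is unattended. It assumes an elevated PowerShell on Windows 7 with a TPM, drive C: already protected by BitLocker with a recovery password protector, and that the registry values under the FVE policy key are the Group Policy backing of "Require additional authentication at startup".

```powershell
# Added example (not from the post or the toolkit). Assumes: elevated PowerShell,
# Windows 7, TPM present, C: already BitLocker-protected with a recovery password.

# 1. Policy: require TPM+PIN at startup; disallow TPM-only and TPM+USB-key protectors.
#    0 = do not allow, 1 = require, 2 = allow (values of the FVE policy key).
$fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
if (-not (Test-Path $fve)) { New-Item -Path $fve -Force | Out-Null }
Set-ItemProperty $fve -Name UseAdvancedStartup -Value 1 -Type DWord  # enable the policy
Set-ItemProperty $fve -Name UseTPM             -Value 0 -Type DWord  # TPM only: not allowed
Set-ItemProperty $fve -Name UseTPMPIN          -Value 1 -Type DWord  # TPM + PIN: required
Set-ItemProperty $fve -Name UseTPMKey          -Value 0 -Type DWord  # TPM + USB key: not allowed
Set-ItemProperty $fve -Name UseTPMKeyPIN       -Value 2 -Type DWord  # TPM + key + PIN: allowed

# 2. Replace the TPM-only protector with TPM+PIN (manage-bde prompts for the PIN).
#    The recovery password protector must already exist, or the delete is refused.
manage-bde -protectors -delete C: -type TPM
manage-bde -protectors -add C: -TPMAndPIN

# 3. Power: never sleep (S3 keeps the volume key in RAM); hibernate instead, which
#    writes RAM to the encrypted volume and drops the key. Windows 7 powercfg syntax.
powercfg -h on
powercfg -change -standby-timeout-ac 0
powercfg -change -standby-timeout-dc 0
powercfg -change -hibernate-timeout-ac 30
powercfg -change -hibernate-timeout-dc 15

# 4. Audit: does the machine match the recommended posture?
function Test-BitLockerPosture {
    param([string]$Drive = 'C:')
    $status = (manage-bde -status $Drive) | Out-String
    $power  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Power'
    $result = [PSCustomObject]@{
        Drive           = $Drive
        ProtectionOn    = [bool]($status -match 'Protection On')
        TpmAndPin       = [bool]($status -match 'TPM And PIN')
        TpmOnlyPresent  = [bool]($status -match '(?m)^\s*TPM\s*$')  # a bare TPM protector line
        HibernateOn     = ($power.HibernateEnabled -eq 1)
    }
    $result | Add-Member NoteProperty Compliant (
        $result.ProtectionOn -and $result.TpmAndPin -and
        -not $result.TpmOnlyPresent -and $result.HibernateOn) -PassThru
}

Test-BitLockerPosture -Drive 'C:'
```

Run the audit function on its own against a fleet to find machines still on a TPM-only protector or with hibernation disabled; those are the ones for which the memory-imaging products discussed above remain relevant.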

Windows 7 BitLocker continues to be a foundational component adding to any defense in depth strategy for securing systems, and specifically laptops. Even with the great enhancements made in Windows 7 such as BitLocker To Go, it still remains that BitLocker alone is not a complete security solution. IT professionals as well as users must be diligent when protecting IT resources, and the best protection against these sorts of targeted attacks requires more than just technology: end user education and physical security also play important roles.

24 Comments
  • It was fairly complicated to design the exploit because it requires a good deal of programming effort to design a replacement programmable firmware, but UEFI includes support for networking, even TCP/IP, so once an attacked computer gets its UEFI reprogrammed the computer only has to reboot for an attacker to take control of it - and it's OS independent too. Sounds like pretty scary stuff IMO. http://www.garlicbreath.org

  • Neither have I to be honest.

  • I've never had any malware problems with windows 7

  • Could someone tell me if it is possible to use BitLocker + eToken?

    Recently I saw a video from Princeton University showing how to bypass BitLocker by extracting the encryption key from RAM, and it occurred to me that it would be possible to use this option, since theoretically the key is to stay within the token.

    Thank you.

  • Jullia

    This is a nice post. Thanks for sharing this info.

  • Thanks for sharing such useful information.

  • These days BitLocker has become very popular, and it is a good sign that people are moving towards quality tools. Thanks for the useful information.

  • These days BitLocker is gaining popularity. It is a good sign that people are moving towards quality tools. Thanks for sharing such an informative resource.

  • I have known that Windows Vista - This edition targets the enterprise segment of the market: it comprises a superset of the Vista Business edition. Additional features include support for Multilingual User Interface (MUI) packages, BitLocker Drive Encryption, and UNIX application-support.

  • This is information that should be shared: The Encrypting File System (EFS) on Microsoft Windows is a file system filter that provides filesystem-level encryption and was introduced in version 3.0 of NTFS. The technology enables files to be transparently encrypted to protect confidential data from attackers with physical access to the computer.

    Hope you like it.

  • Recently I read this post and have some interest in BitLocker. I have found some information on it: There are a number of security and safety features new to Windows Vista, most of which are not available in any prior Microsoft Windows operating system release.

    Am I right??

  • I think BitLocker is a new invention of Windows, but if there are some defects or negative points in it then it should be changed. Hopefully a substitute for BitLocker will replace it soon. So now hope for the best. By the way thanks Paul for the information.

  • Thanks for these articles, good job!

  • Security will always be a work in progress in my opinion. Constant monitoring and taking advantage of newer tech to replace the older should be the rule. However, it doesn't help when guys at Fraunhofer SIT raise a red flag when really this is just a yellow flag.

    It also doesn't help when we have irresponsible technology vendors relying on older OSes no matter how good the defense layers are, when newer and better written OSes are available. Those who rest on their laurels create situations where technologies such as BitLocker will eventually be compromised in a serious way.

  • Security in applications has always remained a main concern for Microsoft developers, and their applications are best suited if we talk from a security point of view.

    There are certain complaints about BitLocker, like that it can be hacked or can be accessed. But I agree with the author in this context: BitLocker can't save your data if you allow physical access to your PC, and there is no other way to access the data.

    I believe MS products are best at security so I think these are rumors and only to create confusion about the products. Thanks

  • Hmm... just asking around about potential security issues, apparently a buddy of mine that works for an IT security company says that they already have working exploit code that takes advantage of bootloader links in UEFI firmware NVRAM to control the boot process of a remote computer. It was fairly complicated to design the exploit because it requires a good deal of programming effort to design a replacement programmable firmware, but UEFI includes support for networking, even TCP/IP, so once an attacked computer gets its UEFI reprogrammed (easy to do in any OS because there are updaters that run on Linux and Windows), the computer only has to reboot for an attacker to take control of it - and it's OS independent too. Sounds like pretty scary stuff IMO.

  • This is one of the most useful Internet resources that I have seen. Thanks! ;)

  • Windows is another great example of Microsoft's commitment towards providing healthy IT resources for business and PC users. Security of data and computer resources has always remained a major concern for Microsoft, and this is what one can find in BitLocker.

    For every good product there are rumors about negative features related to it. In my view, BitLocker has no such issue and all these are rumors based on assumptions only; no reality exists behind them. Thanks

  • BitLocker Drive Encryption is a data protection feature available in Windows Enterprise and Ultimate for client computers and in Windows Server 2008. BitLocker is Microsoft's response to a frequent customer request: address these very real threats of data theft or disclosure from lost, stolen or inappropriately decommissioned PC hardware with a tightly integrated solution in the Windows Operating System.

    BitLocker prevents a thief who boots another operating system or runs a software hacking tool from breaking Windows Vista file and system protections or performing offline viewing of the files stored on the protected drive.

  • Windows 7 BitLocker continues to be a foundational component adding to any defense in depth strategy for securing systems, and specifically laptops. Even with the great enhancements made in Windows 7 such as BitLocker To Go, it still remains that BitLocker alone is not a complete security solution. Keep it up

  • Thanks for these articles, I enjoyed them!

  • Great article. I like Windows 7

  • Brysow

    Good article, especially since I'm having to go through the same conversations about BitLocker and what it provides and EFS and what it provides. I noticed you mentioned the Data Encryption Toolkit, which has a wonderful tool called EFS Assistant. However, EFS Assistant does not install on Win7. Is there any movement to update that or add similar capabilities directly to Windows 7?