The Channel logo

News

By | Dan Goodin 27th February 2008 00:27

Bitlocker hack is easily prevented, Microsoft says

Restoring Vista disk crypto's good name

A disk encryption system built into Windows Vista remains a viable way to protect sensitive files, according to Microsoft. In a blog posting, Russ Humphries, senior product manager for Windows Vista Security, outlined simple steps that users can take to prevent an attack laid out last week in a high-profile research report. He says the hack can be easily prevented.

The researchers demonstrated a novel way to access files that presumably were locked using Vista's BitLocker and similar disk encryption systems offered by competitors such as Apple. They showed it was possible to pilfer the encryption key needed to unlock the files by accessing a "ghost image" that remained in a computer's memory after the system entered hibernation mode. Ten minutes after machines were powered down, the researchers were still able to access the key by using compressed air to cool the memory chips.

According to Humphries, the hack is easily prevented. Users can configure BitLocker to prevent a PC from booting, or resuming from hibernation without confirmation of a password or a second key contained on a USB stick.

"The thing to keep in mind here is the old adage of balancing security, usability and risk," he wrote. "For example BitLocker provides several options that allow for a user (or more likely Administrator) to increase their security protections but at the cost of somewhat lowering ease-of-use."

He said BitLocker allows administrators to remotely change protection settings by having a script execute.

"Thanks to BitLocker's design, which implements key abstraction, a script can be executed that adds pre-boot protection mechanisms without requiring the re-encryption of the hard disk. This script can therefore execute very quickly.

Exotica

Humphries also worked to downplay the likelihood that an attack as exotic as this one would work in the trenches or real-world crime. Thieves would first have to get physical access to a machine and the machine would most likely need to be in sleep mode.

"I would posit that the opportunistic laptop thief is somewhat unlikely to carry a separate laptop on which they will have installed tools that allow them to reconstruct cryptographic keys - or for that matter have a can of compressed air handy."

The Bitlocker attack is a wake-up call for privacy and security buffs because it demonstrated a fundamental weakness in a key tool used to protect sensitive data. BitLocker, and a similar feature that Apple has baked into OS X called FileVault, allow users to encrypt selected files or entire hard drives. In the event a PC is lost or stolen, files containing trade secrets, employee data or other confidential information would be unreadable to anyone without the key.

According to the researchers, who came from Princeton University, Wind River System and the Electronic Frontier Foundation, there is little that can be done to prevent ghost images from being readily accessed. Software changes are likely to be ineffective, and altering the way hardware works inside a laptop would take years.

But as Humphries demonstrates, one or two additional measures could make all the difference. Question is, will anyone use them? ®

comment icon Read 41 comments on this article alert Send corrections

Opinion

Alexandre Mesguich

Change is order of day as tech giants shift strategy gears
Partnership

Frank Jennings

Confused? No problem, we have 5, no 6, no 7... lots of standards

Chris Mellor

VC sequence could end not with a bang, but a whimper
Sad man stares glumly over boxed contents of desk. Image via shutterstock (Baranq)

Features

money trap conceptual illustration
Big boys snare the unwary with too-good-to-be-true deals
Angus Highland cow
Pet carriers not wanted for whitebox stampede
FBcoldstoragearray
Sorry OpenStack and Open Compute, we're not all Facebook
Gary Kovacs, CEO of AVG. Pic: World Economic Forum
Scammy download sites? Government snooping? Run of the mill for Gary Kovacs