Earlier this year a method to get access to data encrypted with the Open Source software True Crypt was published by security researchers. It involved physical access to the protected computer system. Back then many commenters and security experts mentioned that this was one of the main differences to Microsoft's Bitlocker encryption.
The last week however revealed that Bitlocker's encryption after all was not as secure as everyone thought back then. Not one but two methods of attacking a Bitlocker encrypted system were revealed, and both attack forms work on systems with a Trusted Platform Module.
The Fraunhofer institute discovered the first attack which requires physical access to the computer system. It makes use of the fact that Bitlocker does carry out an integrity check of the system but not of the bootloader. The attack therefore replaces the bootloader, so that it records the user's pin in unencrypted form. The system would then automatically reboot and replace the fake bootloader with the original one.
The second attack was reported by security company Passware who have added the ability to recover Bitlocker keys in a matter of minutes to their flagship product Passware Kit Forensic version 9.5. This second method requires physical access to the target computer system as well to get hold of a memory image of the computer system to run the recovery.
Both of these attacks and the methods that have been posted earlier that attacked True Crypt require physical access at some point. The two methods even required that the system is active or was active shortly before the attack for it to be successful. While that is certainly limiting the "reach" of either method, it nevertheless shows that it is possible to gain access to encrypted drives or operating systems under certain circumstances.
A video demonstration of the attack form discovered by the Fraunhofer Institute is available on this page.
Update: A new attack against Bitlocker on devices running Microsoft's Windows 10 operating system came to light recently. It takes advantage of the fact that Bitlocker is disabled during feature upgrades of the operating system. You can read all about it here.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.