Bitlocker Encryption Not 100% Secure After All

Martin Brinkmann
Dec 7, 2009
Updated • Jan 4, 2017
Encryption, Security

Earlier this year, security researchers published a method for gaining access to data encrypted with the open source software TrueCrypt. It required physical access to the protected computer system. Back then, many commenters and security experts mentioned that this was one of the main differences to Microsoft's Bitlocker encryption.

Last week, however, it emerged that Bitlocker's encryption is not as secure as everyone thought back then. Not one but two methods of attacking a Bitlocker-encrypted system were revealed, and both work on systems with a Trusted Platform Module.

The Fraunhofer Institute discovered the first attack, which requires physical access to the computer system. It makes use of the fact that Bitlocker carries out an integrity check of the system but not of the bootloader. The attack therefore replaces the bootloader so that it records the user's PIN in unencrypted form. The system then automatically reboots and replaces the fake bootloader with the original one.

The second attack was reported by security company Passware, which has added the ability to recover Bitlocker keys in a matter of minutes to its flagship product, Passware Kit Forensic version 9.5. This second method also requires physical access to the target computer system, in order to obtain a memory image of the computer system that the recovery is run against.

Both of these attacks, and the methods posted earlier that attacked TrueCrypt, require physical access at some point. The two methods even require that the system is active, or was active shortly before the attack, to be successful. While that certainly limits the "reach" of either method, it nevertheless shows that it is possible to gain access to encrypted drives or operating systems under certain circumstances.

A video demonstration of the attack form discovered by the Fraunhofer Institute is available on this page.

Update: A new attack against Bitlocker on devices running Microsoft's Windows 10 operating system came to light recently. It takes advantage of the fact that Bitlocker is disabled during feature upgrades of the operating system. You can read all about it here.

Ghacks Technology News
