Will Bitlocker's Security Flaw Remain in Windows 8?
I write a lot about security, and about Microsoft's Bitlocker drive encryption technology. Frankly I really like Bitlocker because it is easy to deploy and because its tied to a TPM (Trusted Platform Module) chip on a computer's motherboard, it's very secure. It does have a flaw however and with Windows 8 now upon us this is beginning to concern me. First of all let me explain what Bitlocker is in a bit more detail. This system is a full-disc encryption technology. It will completely encrypt a computer's, or more commonly a laptop's hard disk(s) and store the encryption key on the TPM chip. This is different from the Bitlocker To Go feature used to encrypt external USB hard disk and Pen Drives which doesn't require the TPM.
When I've written about Bitlocker before I've highlighted all the times we've heard, and speculated on all the times we haven't heard about laptops being left on buses, in the backs of taxis, on trains, in coffee shops and so on. These laptops usually belong to businesses and can contain very sensitive and precious data. Worldwide thousands of laptops are lost or stolen every single day. Top this off with the number of government laptops that are left laying around and lost and the picture gets very concerning indeed.
This flaw, which is more of a design and coding fault than anything else, stores the encryption key on memory when the computer is being used. If a laptop is placed in hibernation the contents of memory are written to a hibernation file and stored until you wake the computer next. This hibernation file also contains the encryption key, uncoded, and any hacker who knows what he's doing, or any industrious person with the correct cracking software, can read the file and get the unlock code. It is because of this that security experts recommend that you disable hibernation if you use Bitlocker.
But what about Windows 8? You can still disable hibernation and, presumably this security problem will still go away. But Windows 8 hibernates the computer every time you shut it down. It does this so that it can provide quick startup times, and they are very quick. Unfortunately there's been no word yet on whether the Bitlocker hiberfile flaw has been rectified or, if hibernation is manually disabled, some type of hibernation still occurs when the computer is shut down.
These are questions that businesses and governments will need answers to before they make any decision on whether or not to upgrade to Windows 8. The simple fact remains though that Bitlocker will protect the vast majority of computers and should be used anyway. The chances that a random government laptop will be left in a taxi containing very sensitive data, and the person finding it will know about the flaw and how to circumvent it, or even be interested in the laptop's contents and infinitesimally small. Theft is the problem here where specific people, and specific computers would be targeted deliberately.
So don't let this put you off using Bitlocker or encrypting your data. In any business it's important to do so if only to maintain compliance with data protection laws and regulations. Microsoft need to reassure us all though if Bitlocker isn't going to be resigned to the bin of great computing ideas.
Advertisement
People you are so naive. It is not a ‘flaw’, or coding mistake. This is obviously deliberate design on the part of Microsoft. Just a coincidence that TrueCrypt was recently taken down??? Humanity is like dodo birds sitting and waiting to be taken to the slaughter. They want total control of all data on your computer, on the internet, and total identity control. Period.
today is 7-4-2014
the article is alive
i think the comments are more important then the article :)
thanks
Wow this article is complete rubbish, Mike how can you call yourself an MVP.
As others have pointed out, hibernation represents no risk whatsoever because the hibernation file itself is encrypted on the disk by bitlocker. You can’t recover the key from the hibernation file… because you need the key to read it.
You really need to take down this article as it is completely false and misleading.
Mike’s definition of “flawed” is flawed. If something is working as designed, it’s not flawed.
If you give someone access to your memory, and then say, I dare you to access my memory, that is not a flaw or a hack – it’s your own stupidity.
This vulnerability exists with *any* disk encryption software
I don’t see how the hibernation file can be a security issue, as it is stored encrypted.
The vulnerability would exist if the computer can be booted up and have the OS running, which would be the case if you don’t have some type of pre-boot authentication, or if you put the computer to sleep. This would be the same with any encryption technology, BitLocker or TrueCrypt. This can be avoided by disabling firewire, which is part of the vulnerability. As far as preventing cold-boot attacks, this would be more difficult, but cold-boot attacks are difficult to do and must be done very quickly in a cold environment.
For someone that writes a lot about encryption and BitLocker, I was really disappointed to read this article that is inaccurate.
Wow, you really don’t understand BitLocker do you!
How can anyone read the hibernation file if it is on an encrypted disk?!?
I really think you need to remove this article or at least add a retraction at the top.
I concur with Stu Fox: Sleep is to be avoided, Hibernation is ok.
I think you’re mistaken on this. In hibernated state, the hibernate file is part of the encrypted volume, so you can’t take it apart to get the bitlocker key without decrypting the drive anyway. Sleep is another matter, and may be what you’re referring to. If the machine is asleep, the memory is still active and you could potentially attack it this way.
http://blogs.technet.com/b/staysafe/archive/2008/02/24/defense-in-depth-vs-bitunlocker-how-to-defeat-cold-dram-attacks-using-bitlocker-power-options-and-physical-security.aspx
http://support.microsoft.com/kb/2294019
I am suggesting BitLocker for our company. We are currently using HP ProtectTools, since we are HP branded and it’s free software. Per our experiences, using HP PT makes it extremely difficult to recover user data when the laptop is unable to boot into the OS.
I like BitLocker because it encrypts quicker and it’s easier to recover user data (as long as you have the recovery key), but the one thing holding me back is…there is no pre-boot authorization.
If the laptop is stolen, could a “hacker” use an Admin Password boot CD to clear the admin password? Essentially, having access to logging in as the local admin and stealing files.
I am thinking the combination of HP’s DriveLock feature along with BitLocker would be a nice alternative to using HP ProtectTools.
Why would anyone even consider softwrae based encryption today? State of the art is self encrypting drives where the encryption/decryption is embedded in in a dedicated hardware chip on the drive controller. These drives are available from Seagate, Hitcachi, Samsung, Micron etc. PC OEMs like DELL, HP and Lenovo supply them today. Further info at http://www.trustedcomputinggroup.org
Wow this is a sad waste of a #1 google search result. Please fix the article. This effected all the software for encryption back in um 2008 for SLEEP states. Here are the main points you are missing:
1. There are two types of encryption – Neato, and Safe Harbor. You like neato, the rest of us like staying out of court so we go with the not so neato FIPS-140-2 certified boring stuff. Neato is always as flawed if not more than the old school tried and true. I would love to pay someone to put some finishing polish on truecrypt and use it in an enterprise, it will never happen. Nobody will pay a salary for someone to be accountable for truecrypt to be certified.
2. Truecrypt is as flawed if not more than bitlocker. How do you integrate with your LDAP directory in a few minutes for an entire enterprise? I did it with an AD and bitlocker, have done it with checkpoint/AD and pgp/AD. Time is money. Nobody has money to hire a Linux developer to prove you right.
3. Hardware doesn’t get you in to the enterprise management safe harbor of NIST special publication 800-111. Or 99 or any of the reasonable ones used for just about every audit process there is. Hardware based sure is nice for the Inspiron you bought instead of a latitude or precision. Just shows you don’t know what a business line of computers is. Try calling your business rep for help on that. Oh wait, it is obvious you don’t have one. There are very few “business” class laptops without TPM as of about 5 years ago.
4. Stop being a click troll. You know your stuff decently well. Just update real quick and provide a service to the intarwebs. You are only 15-20 minutes of research away from a bunch of brilliant corrections and a great article that has #1 results for a few different searches.
awkuhn failed to disclose that he is a shareholder in WAVX and hopes to make money if people take action on his suggestion.
How is this flaw any different from obtaining the decryption keys for TrueCrypt or FileVault 2 encrypted volumes using PassWare Kit?
http://www.lostpassword.com/hdd-decryption.htm
http://www.tuaw.com/2012/02/03/apple-filevault-2-encryption-cracked-but-dont-panic/
Once you have physical access to a computer, all bets are off.
“Any encryption is better than none though despite the flaw that Bitlocker has.”
I would disagree, Mike. Easily-broken encryption is *worse* than none because it can lead to risky behavior based on a false sense of security. As an example, I direct your attention to the Enigma machines used by Germany in WWII, and Operation Ultra.
It’s the same reason I despise Norton Anti-virus; people who have it installed think they are protected, when in fact they are significantly less safe than they would be with Microsoft Security Essentials (which is also free, vs. Norton’s $60/year pricetag).
Please for the love of G**, do not call MSE secure…
Provide some evidence to back up your claims, or please be quiet.
I wrote an article about the working of Enigma back in the days. 30 pages full of wonderful information, man I do love encryption ;)
Thanks for the interesting article.
Does using BitLocker with TPM + PIN resolve any of the issues with the hibernation bug, or will the key from the hibernation file bypass the TPM (and therefore the PIN)?
Also doesn’t BitLocker encrypt the hibernation file in the first place? How would Mr. Bad Guy get the key from the hibernation file that is already encrypted?
Is it really sooo secure?
NSA has the key and there are already programms out there that crack the encryption.
Besides TPM is not needed…
I think you mean ” Microsoft needS…”, not Microsoft need.