Microsoft researchers use multiple zero-days to break BitLocker
Problems with Windows Recovery Environment (WRE).
Flaws in the Windows OS can let attackers break into BitLocker-protected drives. Every lost or stolen enterprise laptop could be a ticking time bomb.
The vulnerabilities were discovered by Microsoft researchers and have since been fixed - but the implications are worth noting.
What is BitLocker
But first, what is BitLocker? BitLocker is a Windows security feature, released in 2006, that encrypts entire storage drives to protect data from unauthorised access.
Did you know: You can remove the storage drives of PCs and most laptops to make a copy of the data?
Think of the data in:
- Stolen or misplaced laptops.
- Data theft from unattended laptop.
BitLocker was created to address this problem, by encrypting the entire drive. For added safety, decryption keys are stored in a special non-removable hardware called the Trusted Platform Module (TPM).
Problem solved. Oh wait.
Weak point discovered
Two researchers at the Security Testing & Offensive Research at Microsoft (STORM) team found multiple problems in Windows Recovery Environment (WinRE) that break BitLocker.
To be clear, WinRE predates BitLocker. It was designed to help Windows recover from bad crashes that stop it from booting. When BitLocker came along, WinRE was updated to work with it.
Well, the researchers found 4 separate zero-day (novel) attacks that, when used together, unlocks a BitLocker-protected drive - within minutes.
Boom. No password, decryption key, or brute forcing needed.
It's patched but...
As mentioned earlier, fixes were rolled out in July, ahead of the public disclosure last week. Just ensure your Windows systems are patched, and you are good.
However, it's worth noting that:
- Old Windows PC or laptops that were previously powered down and put away before July's set of patches will retain this vulnerability.
- This is a sombre reminder that all encrypted data can potentially be compromised, either by newly discovered flaws or future technologies like quantum computing.
And oh, BitLocker is only available on the Pro version of Windows. Without it enabled, your password is really a tissue-thin veneer.
