Windows BitLocker Encryption keys can be Sniffed after all and it is quite Concerning!

It is a well-known fact that if something is assigned the task of security, people try their best to find any kind of loophole or weakness in it, before fully trusting it. The same has happened recently with Microsoft Windows BitLocker encryption keys.

BitLocker is a full volume encryption system. It is ported with higher-end versions of Windows, since Vista came out. For it to be fully functional for Windows 10, it is necessary that you upgrade to Pro or higher versions with a TPM (Trusted Platform Modules) 1.2 or 2.0 chip.

As discussed above, being given such a crucial responsibility, it is important to make sure whether it can survive the most critical of security tests. Many researchers have been looking for weaknesses in the platform. Pulse Security’s Denis Andzakovic has recently spotted a vulnerability.

He claims that BitLocker doesn’t require a user’s PIN or password to boot encrypted devices and just a regular Windows login is enough.

This approach helps in a way that it will not allow hackers or anyone else to access the drives, as long as they don’t have the correct login credentials. In addition to that, porting the drive to another device will not work either due to the fact that the original system’s TPM has the encryption key secured.

However, there still remains one way how the target computer can be attacked and that is if the encryption key is somehow discovered after booting the target machine, as it is being ported across Low Pin Count (LPC) bus, from TPM.

Thus, using any device without any sort of extra security is not recommended by Microsoft. It is always important to use a pin or a multi-factor authentication.
Denis Andzakovic’s test attack led him to figure out the Volume Master Key (Encryption Key) of the targeted device, after using a sniffer tool. He was able to figure out the Key from the LPC bus, by executing a boot. He tried it multiple times and it worked every single time.

The best defense can be exactly what Microsoft has been advising for so long and that is to avoid BitLocker with TPMs in the state where security is crucial.

An ever better approach is to configure a USB drive comprising of the startup key or set up PIN access. To add icing on the cake, add multi-factor authentication too by utilizing both of these concurrently.

Read Next: From Microsoft to Google to Facebook: The 20 Biggest Tech Companies That Dominate The Web (infographic)
Previous Post Next Post