From 5543713bcc40f192e5e8f012c70adfc0b3dd427f Mon Sep 17 00:00:00 2001 From: Julius Figge Date: Sat, 26 Aug 2023 12:56:54 +0200 Subject: [PATCH] on bitlockers default configuration --- .../false-sense-of-security-bit-bitlocker.md | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 content/blog/security/false-sense-of-security-bit-bitlocker.md diff --git a/content/blog/security/false-sense-of-security-bit-bitlocker.md b/content/blog/security/false-sense-of-security-bit-bitlocker.md new file mode 100644 index 0000000..6d6ec94 --- /dev/null +++ b/content/blog/security/false-sense-of-security-bit-bitlocker.md 
@@ -0,0 +1,42 @@ +--- +title: Bitlocker offers a deceptive sense of security +description: The standard configuration of Windows Disk Encryption BitLocker can create a misleading impression of safety due to the fact that it transmits the Decryption Key in plaintext during boot, thus allowing the encryption to be bypassed by intercepting the key. +date: 2023-08-26 +tags: + - security + - bitlocker + - windows + - tpm + - deceptive security +--- + +## What makes BitLocker less secure? + +BitLocker is a reliable method for encrypting your Windows installation, suitable for both personal and business purposes. +Using BitLocker is acceptable and advisable. +Problematic is the default way the Decryption is implemented and configured. +By default Bitlocker relies on transporting the Decryption Key for the encrypted partition in cleartext from the TPM to the CPU. + +The emergence of a new report on this vulnerability has reminded me of the potential issues raised by this approach. [1] +But this should not come as a surprise, as there was already an article on arstechnica in 2021 covering the same problem. [2] +This implementation presents a vulnerability as it allows for the interception of traffic between the TPM and CPU, enabling attackers to bypass disk encryption with relative ease using low-cost and relatively simple hardware. + +The issue in this case is that, in theory, TPMs enable the use of encrypted sessions that could mitigate passive sniffing attacks, similar to how it is implemented on Linux with LUKS.[3] + +### What can be done about this? +Microsoft already provides clear documentation on BitLocker in their FAQ, recommending the addition of a PIN for the decryption process to begin. [4] +This method provides sufficient mitigation with relative ease. [5] + +### Takeaway - Or why Linux/Luks/ZFS require Pin-Input for the Boot process to begin +The standard BitLocker implementation can give an inaccurate perception of security. 
+While it would be possible for Microsoft to upgrade the TPM communication to encrypted traffic, thereby mitigating the vulnerability, a more effective solution would be to require the user to set a pin for the Boot process. +Currently, this is the standard for Linux-based systems. + +*So, if anyone asks why a password is required for encrypted Linux installations to boot while Windows can boot without one, now you know.* + +### Sources +[1] - Bypassing Bitlocker using a cheap logic analyzer on a Lenovo laptop, Guillaume Quéré +[2] - Trusted platform module security defeated in 30 minutes, no soldering required, DAN GOODIN +[3] - Hacker News, als0 +[4] - Prepare an organization for BitLocker: Planning and policies, paolomatarazzo +[5] - Bitlocker – Activate Pre-Boot Bitlocker PIN, Andy \ No newline at end of file
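Review bot: the front matter description and the title ("Bitlocker offers a deceptive sense of security", "it transmits the Decryption Key in plaintext during boot") state the weakness as a property of BitLocker itself, while the body narrows it to the default TPM-only configuration and the "What can be done about this?" section says a pre-boot PIN is sufficient mitigation; qualify the title and description so they match the body, for example "BitLocker's default TPM-only configuration offers a deceptive sense of security" and "...the default configuration releases the decryption key to the CPU unencrypted during boot, so an attacker with physical access to the bus can intercept it". In the same spirit, the "Takeaway" heading claims "Linux/Luks/ZFS require Pin-Input for the Boot process to begin", but the text only says a PIN is "the standard for Linux-based systems"; either soften the heading or support the stronger claim. The "Sources" list carries no URLs, so entries such as "[3] - Hacker News, als0" and "[5] - Bitlocker – Activate Pre-Boot Bitlocker PIN, Andy" cannot be followed up by a reader; add a link to each source. Minor: the spelling of "BitLocker"/"Bitlocker", "PIN"/"pin"/"Pin" and "LUKS"/"Luks" varies across the post, and the file is committed without a trailing newline ("\ No newline at end of file").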