BitLocker compromised?

https://diskcryptor.org/why-not-bitlocker/

Some excerpts from the article:

Microsoft did not care to audit the various Self-Encrypting Drives (SEDs), hence leaving millions of its users with practically no security whatsoever. At the CCC in December of 2018, during the talk "Self-encrypting deception", independent security researchers demonstrated live on stage how to bypass the hardware encryption of many SSD models using a ~20€ µC programmer/debugger, demonstrating that for the past 6 years users of BitLocker and such drives were entirely compromised and did not even know it. To alleviate this issue the user would have to know about it and use a Group Policy to disable this feature. It took Microsoft until late 2019 to change the preset and by default no longer trust SEDs.

TPMs can’t be trusted

By default, Microsoft BitLocker uses the Trusted Platform Module (TPM) to manage the keys, if one is present. Sounds good until you realize that you can sniff the LPC bus and extract the volume master key; now isn’t that handy…

For your expedience BitLocker can be temporarily suspended

BitLocker in Windows 10 can be configured to store the encryption keys in “the clear”; this allows you, among other things, “Restarting the computer for maintenance without requiring user input”, “Turning off (disabling) or clearing the TPM…”, “Moving a BitLocker-protected drive to another computer…”, etc… So what this feature does is store an encryption key in plaintext on the drive itself.

Yes, a secret key that is supposed to ensure your security is written in plaintext, i.e. unencrypted, to the very same disk drive it is supposed to protect, all for your expedience…

BitLocker uploads your recovery keys to the cloud without asking

If you are using Windows 10 with a Microsoft account, Windows will “save” your BitLocker recovery keys in your Microsoft account. This is done automatically and without an option to opt out, as described here. Now, granted, if you care about your privacy you shouldn’t use a Microsoft account at all, but the mere existence of this option is a huge red flag and a threat in itself…

There’s another great article explaining an implementation flaw in BitLocker that allows accessing data that is encrypted by BitLocker during system updates.

https://www.securitum.com/how_to_access_data_secured_with_bitlocker_do_a_system_update.html

Some excerpts from the article:

However, this is not very comforting, because if during the update someone managed to obtain the contents of the FVEK key, they will still be able to decrypt our disk without the need for any password or other key.

At this point, it is very important to understand that the presented operation of the mechanism is not a bug or a vulnerability. This is a design decision made by Microsoft. The way BitLocker works.

Microsoft’s solution creates situations that can cause problems and temporarily stop BitLocker from protecting our data.

3 Likes
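A defender-side check for the points raised in this post, written for this thread and not taken from either linked article: a PowerShell script that flags volumes relying on the SSD's own hardware (SED) encryption, volumes whose protection is currently suspended (the "clear key on disk" state, which is also the state BitLocker enters around feature updates), and OS volumes protected by the TPM alone with no pre-boot PIN. `Get-BitLockerVolume` and the properties used on it are the built-in cmdlet. The registry value name `OSHardwareEncryption` under `HKLM\SOFTWARE\Policies\Microsoft\FVE` is what I believe backs the "Configure use of hardware-based encryption for operating system drives" policy; treat that part as an assumption and verify it on your build.

```powershell
# Added example for this thread (not code from diskcryptor.org or securitum.com).
# Run in an elevated PowerShell session on Windows 10/11.

function Get-BitLockerRisk {
    $findings = @()

    foreach ($vol in Get-BitLockerVolume) {
        $mp = $vol.MountPoint

        # SED / hardware encryption: the drive, not BitLocker's software AES, holds the crypto.
        if ($vol.EncryptionMethod -eq 'Hardware') {
            $findings += "$mp : volume uses the drive's own hardware encryption (SED)"
        }

        # Suspended protection: volume is encrypted but the key sits in the clear on disk.
        if ($vol.VolumeStatus -eq 'FullyEncrypted' -and $vol.ProtectionStatus -eq 'Off') {
            $findings += "$mp : protection is suspended, clear key present on the volume"
        }

        # TPM-only protector on the OS volume: no pre-boot PIN, only passive attackers covered.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType })
        $hasPin = @($types | Where-Object { $_ -like 'TpmPin*' }).Count -gt 0
        if ($vol.VolumeType -eq 'OperatingSystem' -and ($types -contains 'Tpm') -and -not $hasPin) {
            $findings += "$mp : OS volume is TPM-only, no pre-boot PIN configured"
        }
    }

    # Policy check. ASSUMPTION: OSHardwareEncryption is the value the GPO writes (verify locally).
    $fve = 'HKLM:\SOFTWARE\Policies\Microsoft\FVE'
    $hw = (Get-ItemProperty -Path $fve -Name OSHardwareEncryption -ErrorAction SilentlyContinue).OSHardwareEncryption
    if ($null -eq $hw) {
        $findings += 'policy: hardware-encryption policy not configured; behaviour follows the OS default'
    } elseif ($hw -eq 1) {
        $findings += 'policy: hardware-based encryption for OS drives is explicitly allowed'
    }

    return $findings
}

$results = @(Get-BitLockerRisk)
if ($results.Count -eq 0) { 'No findings' } else { $results }
```

A machine that returns no findings is using software XTS-AES, has protection on, and requires a PIN at boot; any volume reported as suspended should be resumed with `Resume-BitLocker` once the maintenance that caused it is done.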

NO!! WAY!! what, why and how???

I disagree with parts of this. Microsoft made some of these decisions because they wanted maximum usability instead of maximum security by default, which I find to be respectable, especially because device encryption is usually enabled by default on laptops and the like. Microsoft acknowledges themselves that default BitLocker without preboot authentication is only meant to defend against passive attackers.

Edit 6 days later: and frankly, I agree with Microsoft that the average consumer can’t be trusted to properly store a 48-character recovery password.

2 Likes