ML
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups
    • Register
    • Login

    Breaking Bitlocker

    Scheduled Pinned Locked Moved IT Discussion
    15 Posts 5 Posters 1.3k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • travisdh1T
      travisdh1 @Deleted74295
      last edited by

      @Breffni-Potter said in Breaking Bitlocker:

      Bitlocker can be cracked in seconds if certain conditions are met and most travelling laptops meet those conditions.

      The cost of the tool to do it? Freely available on the internet and the dark web.

      Yeah, I don't remember the details. The basic security rule of "If they can touch it, they can own it" still applies. Just gives you protection from the unsophisticated.

      bbigfordB 1 Reply Last reply Reply Quote 0
      • bbigfordB
        bbigford @travisdh1
        last edited by

        @travisdh1 said in Breaking Bitlocker:

        @Breffni-Potter said in Breaking Bitlocker:

        Bitlocker can be cracked in seconds if certain conditions are met and most travelling laptops meet those conditions.

        The cost of the tool to do it? Freely available on the internet and the dark web.

        "If they can touch it, they can own it" still applies.

        I definitely agree. Just curious of any specific software or techniques that people might be privy to.

        1 Reply Last reply Reply Quote 1
        • Deleted74295D
          Deleted74295 Banned
          last edited by

          Instead of giving the whole method, I'll give you the prevention.

          Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.

          If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.

          scottalanmillerS prcssupportP 2 Replies Last reply Reply Quote 3
          • scottalanmillerS
            scottalanmiller @Deleted74295
            last edited by

            @Breffni-Potter said in Breaking Bitlocker:

            Instead of giving the whole method, I'll give you the prevention.

            Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.

            If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.

            We disable that, normally, for other reasons. That would protect us a bit, just by chance.

            Deleted74295D 1 Reply Last reply Reply Quote 0
            • Deleted74295D
              Deleted74295 Banned @scottalanmiller
              last edited by

              @scottalanmiller said in Breaking Bitlocker:

              @Breffni-Potter said in Breaking Bitlocker:

              Instead of giving the whole method, I'll give you the prevention.

              Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.

              If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.

              We disable that, normally, for other reasons. That would protect us a bit, just by chance.

              Most people leave their machines in hibernate or sleep mode though.

              In essence, if the machine was logged into and in a powered on state. It is vulnerable to an attacker.

              Another reason for shutting machines down completely.

              scottalanmillerS 1 Reply Last reply Reply Quote 1
              • prcssupportP
                prcssupport @Deleted74295
                last edited by

                @Breffni-Potter said in Breaking Bitlocker:

                Instead of giving the whole method, I'll give you the prevention.

                Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.

                If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.

                Yea I remember that when it came out. I don't let them hibernate for that reason.

                1 Reply Last reply Reply Quote 0
                • scottalanmillerS
                  scottalanmiller @Deleted74295
                  last edited by

                  @Breffni-Potter said in Breaking Bitlocker:

                  @scottalanmiller said in Breaking Bitlocker:

                  @Breffni-Potter said in Breaking Bitlocker:

                  Instead of giving the whole method, I'll give you the prevention.

                  Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.

                  If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.

                  We disable that, normally, for other reasons. That would protect us a bit, just by chance.

                  Most people leave their machines in hibernate or sleep mode though.

                  In essence, if the machine was logged into and in a powered on state. It is vulnerable to an attacker.

                  Another reason for shutting machines down completely.

                  Right, although it is important to note that it is not Bitlocker being broken, it's Bitlocker not being used.

                  Deleted74295D 1 Reply Last reply Reply Quote 2
                  • Deleted74295D
                    Deleted74295 Banned @scottalanmiller
                    last edited by

                    @scottalanmiller said in Breaking Bitlocker:

                    @Breffni-Potter said in Breaking Bitlocker:

                    @scottalanmiller said in Breaking Bitlocker:

                    @Breffni-Potter said in Breaking Bitlocker:

                    Instead of giving the whole method, I'll give you the prevention.

                    Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.

                    If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.

                    We disable that, normally, for other reasons. That would protect us a bit, just by chance.

                    Most people leave their machines in hibernate or sleep mode though.

                    In essence, if the machine was logged into and in a powered on state. It is vulnerable to an attacker.

                    Another reason for shutting machines down completely.

                    Right, although it is important to note that it is not Bitlocker being broken, it's Bitlocker not being used.

                    Mmmm, I'm not sure about that definition.

                    To the end user, Bitlocker is a transparent service and a lot of IT admins would assume that a Bitlocker encrypted system is not vulnerable based on a switched on machine.

                    The Bitlocker docs don't say 'we don't protect you under scenario XYZ" so how would someone find out about that easy exploit?

                    scottalanmillerS 1 Reply Last reply Reply Quote 1
                    • scottalanmillerS
                      scottalanmiller @Deleted74295
                      last edited by

                      @Breffni-Potter said in Breaking Bitlocker:

                      @scottalanmiller said in Breaking Bitlocker:

                      @Breffni-Potter said in Breaking Bitlocker:

                      @scottalanmiller said in Breaking Bitlocker:

                      @Breffni-Potter said in Breaking Bitlocker:

                      Instead of giving the whole method, I'll give you the prevention.

                      Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.

                      If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.

                      We disable that, normally, for other reasons. That would protect us a bit, just by chance.

                      Most people leave their machines in hibernate or sleep mode though.

                      In essence, if the machine was logged into and in a powered on state. It is vulnerable to an attacker.

                      Another reason for shutting machines down completely.

                      Right, although it is important to note that it is not Bitlocker being broken, it's Bitlocker not being used.

                      Mmmm, I'm not sure about that definition.

                      To the end user, Bitlocker is a transparent service and a lot of IT admins would assume that a Bitlocker encrypted system is not vulnerable based on a switched on machine.

                      The Bitlocker docs don't say 'we don't protect you under scenario XYZ" so how would someone find out about that easy exploit?

                      End users are not a factor. That Bitlocker has one job and does it well doesn't change. That Bitlicker is disabled or we are "past that point" doesn't mean that Bitlocker failed, it just isn't engaged.

                      That's like saying that passwords fail because people leave their machines unlocked. That's not what that means.

                      1 Reply Last reply Reply Quote 1
                      • scottalanmillerS
                        scottalanmiller
                        last edited by

                        Anyone who thinks that disk encryption protects a machine that is decrypted is just wrong. Them being wrong is the issue. In no way does it imply that the service failed or is vulnerable.

                        It's like saying your seatbelt failed when you decided not to wear it.

                        1 Reply Last reply Reply Quote 2
                        • 1 / 1
                        • First post
                          Last post