Breaking Bitlocker
-
@Breffni-Potter said in Breaking Bitlocker:
Bitlocker can be cracked in seconds if certain conditions are met and most travelling laptops meet those conditions.
The cost of the tool to do it? Freely available on the internet and the dark web.
Yeah, I don't remember the details. The basic security rule of "If they can touch it, they can own it" still applies. Just gives you protection from the unsophisticated.
-
@travisdh1 said in Breaking Bitlocker:
@Breffni-Potter said in Breaking Bitlocker:
Bitlocker can be cracked in seconds if certain conditions are met and most travelling laptops meet those conditions.
The cost of the tool to do it? Freely available on the internet and the dark web.
"If they can touch it, they can own it" still applies.
I definitely agree. Just curious of any specific software or techniques that people might be privy to.
-
Instead of giving the whole method, I'll give you the prevention.
Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.
If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.
-
@Breffni-Potter said in Breaking Bitlocker:
Instead of giving the whole method, I'll give you the prevention.
Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.
If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.
We disable that, normally, for other reasons. That would protect us a bit, just by chance.
-
@scottalanmiller said in Breaking Bitlocker:
@Breffni-Potter said in Breaking Bitlocker:
Instead of giving the whole method, I'll give you the prevention.
Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.
If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.
We disable that, normally, for other reasons. That would protect us a bit, just by chance.
Most people leave their machines in hibernate or sleep mode though.
In essence, if the machine was logged into and in a powered on state. It is vulnerable to an attacker.
Another reason for shutting machines down completely.
-
@Breffni-Potter said in Breaking Bitlocker:
Instead of giving the whole method, I'll give you the prevention.
Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.
If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.
Yea I remember that when it came out. I don't let them hibernate for that reason.
-
@Breffni-Potter said in Breaking Bitlocker:
@scottalanmiller said in Breaking Bitlocker:
@Breffni-Potter said in Breaking Bitlocker:
Instead of giving the whole method, I'll give you the prevention.
Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.
If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.
We disable that, normally, for other reasons. That would protect us a bit, just by chance.
Most people leave their machines in hibernate or sleep mode though.
In essence, if the machine was logged into and in a powered on state. It is vulnerable to an attacker.
Another reason for shutting machines down completely.
Right, although it is important to note that it is not Bitlocker being broken, it's Bitlocker not being used.
-
@scottalanmiller said in Breaking Bitlocker:
@Breffni-Potter said in Breaking Bitlocker:
@scottalanmiller said in Breaking Bitlocker:
@Breffni-Potter said in Breaking Bitlocker:
Instead of giving the whole method, I'll give you the prevention.
Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.
If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.
We disable that, normally, for other reasons. That would protect us a bit, just by chance.
Most people leave their machines in hibernate or sleep mode though.
In essence, if the machine was logged into and in a powered on state. It is vulnerable to an attacker.
Another reason for shutting machines down completely.
Right, although it is important to note that it is not Bitlocker being broken, it's Bitlocker not being used.
Mmmm, I'm not sure about that definition.
To the end user, Bitlocker is a transparent service and a lot of IT admins would assume that a Bitlocker encrypted system is not vulnerable based on a switched on machine.
The Bitlocker docs don't say 'we don't protect you under scenario XYZ" so how would someone find out about that easy exploit?
-
@Breffni-Potter said in Breaking Bitlocker:
@scottalanmiller said in Breaking Bitlocker:
@Breffni-Potter said in Breaking Bitlocker:
@scottalanmiller said in Breaking Bitlocker:
@Breffni-Potter said in Breaking Bitlocker:
Instead of giving the whole method, I'll give you the prevention.
Disable hibernation. Do not let any machine have hibernation mode if you want to use Bitlocker.
If an attacker gains ahold of the machine whilst in hibernate, they can and will unlock all the data.
We disable that, normally, for other reasons. That would protect us a bit, just by chance.
Most people leave their machines in hibernate or sleep mode though.
In essence, if the machine was logged into and in a powered on state. It is vulnerable to an attacker.
Another reason for shutting machines down completely.
Right, although it is important to note that it is not Bitlocker being broken, it's Bitlocker not being used.
Mmmm, I'm not sure about that definition.
To the end user, Bitlocker is a transparent service and a lot of IT admins would assume that a Bitlocker encrypted system is not vulnerable based on a switched on machine.
The Bitlocker docs don't say 'we don't protect you under scenario XYZ" so how would someone find out about that easy exploit?
End users are not a factor. That Bitlocker has one job and does it well doesn't change. That Bitlicker is disabled or we are "past that point" doesn't mean that Bitlocker failed, it just isn't engaged.
That's like saying that passwords fail because people leave their machines unlocked. That's not what that means.
-
Anyone who thinks that disk encryption protects a machine that is decrypted is just wrong. Them being wrong is the issue. In no way does it imply that the service failed or is vulnerable.
It's like saying your seatbelt failed when you decided not to wear it.
