BitLocker encryption of a hard drive is included with some versions of Windows Vista and Windows 7 but isn’t enabled by default – you have to set it up. In Windows 7 you can also use BitLocker To Go – BitLocker on a removable device such as a USB drive. The Trusted Platform Module (TPM) is “…both the name of a published specification detailing a secure cryptoprocessor that can store cryptographic keys that protect information, as well as the general name of implementations of that specification…”. Up until now, most people thought that BitLocker encryption on a TPM-equipped computer made the data on that computer invulnerable to any method of breaking the encryption. It was thought that, if you didn’t have the key (or lost or forgot it), the data was inaccessible.
Researchers at the security labs of Fraunhofer SIT have successfully broken the BitLocker encryption on a TPM-equipped computer without knowing the key. The attack is based on the ‘Evil Maid’ scenario, where an attacker – like a maid in a hotel – has physical access to the target on two separate occasions. On the first visit, the attacker boots the target machine from a USB stick, CD or other device – not from the target’s hard drive. The attacker replaces the BitLocker boot code “…with code designed to record the user-provided key – such as a password – in an unencrypted portion of the hard disk.” Then the original state of the boot loader is restored. On a second visit, the attacker recovers the recorded key and is able to decrypt and access the data.
I concede that the scenario is unusual and not likely – but it isn’t impossible. This proves once again that, if someone has physical access to a computer and sufficient time to work on it, they can defeat almost all security measures – and that people are the weakest link in the security chain. Microsoft is aware of the attack and has not commented yet – the research paper describing the attack is here.
UPDATE: Microsoft has made a general comment at The Windows Security Blog here.