BitLocker: encryption method for Windows is not as safe as you thought

Published November 19th, 2015 - 06:11 GMT

Bitlocker is believed to be the most suitable encryption method for your Windows operating system, until a researcher revealed critical information on how it is not the greatest of solutions if you want to protect your data from the wrong hands. Security researcher Ian Haken states that BitLocker does not require the use of sophisticated tools or exploits in order to be bypassed. If the computer system is indeed running older security patches, then using BitLocker will be the least effective security tool over here.

The Synopsys security firm employee detailed a vulnerability that could allow a hacker to bypass the authentication side and easily decrypt drives encrypted with BitLocker. However, before individuals who are intending to be up to no good, they should read the following bits below. In order to successfully bypass security, the attacker will have to make sure that the target system is enabled without a PIN or USB.

Instead the system be joined through a domain network and the hacker needs to be present there himself in order for the process to be successful. In other words, this process cannot be carried out wirelessly or from the hacker’s own lair.

DATA_ART_861306

Haken has explained the following regarding the process of hacking into a target system that uses BitLocker.

“The attacker needs to set up a Kerberos Key Distribution Center (KDC), needs control of the network communication and needs to direct communication to the attacker-controlled “mock” domain controller. By connecting the machine to the mock domain controller (DC), the attacker can trigger a password reset action, thus gaining access to the encrypted drives.”

The chances of success according to Haken stand at a 100 percent, meaning that you should update the security patches of your operating system. Even without the use of sophisticated methods or exploits, it is amazing to see how vulnerable these operating systems are.


© Future Publishing Limited Quay House, The Ambury, Bath BA1 1UA. All rights reserved

You may also like