Back with the Windows Vista launch, Microsoft delivered a new tool that aimed to protect its customers’ data with sophisticated encryption and a hardware-based switch that would either allow or deny access to said data. The hardware side of things requires a TPM chip on the motherboard, and with the help of BitLocker, an encryption key is stored and then required for any future access to the data on the drive.
For the most part, this is a very, very secure solution. Microsoft uses a 128-bit AES algorithm to protect the data, and if someone takes the drive out of the machine and runs off with it, they’re not going to be able to touch the data, as they wouldn’t have access to the TPM encryption key, which absolutely has to exist. If not, the drive is essentially useless (although I believe it can be formatted and re-used).
So if BitLocker isn’t entirely new, why am I bringing it up? Because it’s finally been “cracked”, and it’s something to be aware of. There are some caveats, though, so I wouldn’t write the technology off, because BitLocker is far from being the only HDD encryption scheme that suffers a major flaw, one that software firm Passware takes full advantage of.
In a scenario where an encryption key is used to authorize access, it’s normally stored in the system memory. If you can tap into the memory and grab the keys, you could later use software to work on them and end up bypassing the protection scheme. That’s what Passware does. With an image of the system RAM (it might also work with the machine booted on, I’m unsure), it will find and match the appropriate keys in order to allow you access to the drive, and according to the company, this takes mere minutes.
The software itself costs $795, so it’s somewhat exclusive, but if someone malicious wants your data, then chances are the same user would simply go and pirate it, meaning it’s going to be a tool that’s available to anyone who takes that route. In the end, BitLocker is still very secure, and even if someone takes the drive out of your machine and runs off with it, they’ll have no access to the data. So, very specific conditions must first be met, but it’s still a flaw to keep in mind if you need BitLocker to protect extremely important data.
Passware claims that full disk encryption was a major problem for investigators and that its tool helps police, law enforcement, and private investigators bypass BitLocker encryption for seized computers. That may be, but since this is a commercially available product, anyone with $795 can now circumvent the encryption. Add to that the fact that previous versions of this software have been pirated (version 9.0 was released earlier this year), and it’s only a matter of time before even the price point doesn’t matter.