Microsoft dismissed recently-disclosed threats to its BitLocker disk-encryption technology as “relatively low risk,” noting that attackers must not only have physical access to a targeted PC, but must manipulate the machine two separate times.
The company's move was prompted by a paper published by five German researchers at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT), a Darmstadt, Germany-based security company. In the paper, the researchers spelled out multiple attack scenarios criminals could use to access files protected by BitLocker.
BitLocker, which Microsoft debuted in higher-end versions of Windows Vista, is included only in Windows 7 Ultimate and Windows 7 Enterprise, available only to companies and organizations that buy Windows licenses in volume, as well as Windows Server 2008 and Server 2008 R2. The software encrypts disk volumes and locks them with a PIN, USB-based key device or, if the computer includes one, a Trusted Platform Module (TPM) chip.
The Fraunhofer SIT researchers spelled out five attack possibilities, including one where the attacker boots the PC from a flash drive and replaces the BitLocker bootloader with a substitute bootloader that spoofs the PIN request process, then snatches the PIN and saves it to disk or sends it elsewhere using the computer's wireless connection. Later, the attacker must revisit the PC to use the purloined PIN to access the BitLocker-protected data.
Microsoft scoffed at such scenarios.
“This sort of targeted attack poses a relatively low risk to folks who use BitLocker in the real world,” said Paul Cooke, a senior director at Microsoft who looks after the operating system's security features.
In a post to the Windows Security blog, Cooke acknowledged that the Fraunhofer SIT researchers were right. “Even with BitLocker's multi-authentication configurations, an attacker could spoof the pre-OS collection of the user's PIN, store this PIN for later retrieval, and then reboot into the authentic collection of the user's PIN. The attacker would then be required to gain physical access to the laptop for a second time in order to retrieve the user's PIN and complete the attack scheme.”
Cooke downplayed the threat and argued that that research broke no new ground. “These sorts of targeted threats are not new and are something we've addressed in the past; in 2006 we discussed similar attacks, where we've been straightforward with customers and partners that BitLocker does not protect against these unlikely, targeted attacks.”
The Fraunhofer SIT five-some admitted that the attacks they outlined were essentially useless in what they called “opportunistic” attacks, which they defined as “easily obtained under common real-world conditions.” Instead, the attack vectors they detailed required physical access to the targeted machine.
They also noted that their attack scenarios didn't exploit an actual vulnerability in BitLocker. “Our attack demonstration does neither imply a bug in BitLocker, nor renders it Trusted Computing useless,” said two of the researchers in an entry on the Fraunhofer SIT blog. “BitLocker still works as well as other disk encryption products, it only fails to fulfill an unrealistic, yet common, expectation.”
The pair also posted a video demonstrating the spoofed bootloader attack on the blog.