4

My question isn't about whether or not the encryption on Bitlocker works, but whether or not there have been any security audits about potential backdoors Microsoft may have installed. I don't have a lot of trust that Microsoft wouldn't install deliberate backdoors into their software like this. I know I saw some reports that the government requested Microsoft add backdoors, but I am not sure if anything like that went forward.

Anders
J Rozlyn
  • Bitlocker is closed source, so the backdoor question is unanswerable except by Microsoft. Ultimately, the decision to trust them is up to you. – tlng05 Jun 08 '16 at 00:12
  • But if you read through the clutter it is not really a question if there are backdoors, but if BitLocker was independently audited. – techraf Jun 08 '16 at 00:25
  • It is trusted by CESG (UK government) when configured in a specific way. However, that itself could argue either way - as a government agency, they might have an interest in being able to access locked data, or in preventing others from accessing their data. Even an audit wouldn't solve this - if there is an encryption backdoor, the only way to find it might be through knowing the key. Without being able to verify the whole chain from code to deployment, including machines and compilers used, it's just not possible to say. – Matthew Jun 08 '16 at 09:34

3 Answers

6

Any time you install software from a vendor or project you are placing trust in that vendor or project not to have placed malicious code in there and also to have done a reasonable job of securing it.

Some people may suggest that open source is the answer to this, but without repeatable builds and a full source code audit done by someone you trust, there's less benefit to this than you might think to ordinary users.

Like most things in security this comes down to your threat model. If you don't trust Microsoft, then sure, don't use their software. Bitlocker frankly is the least of your worries. If MS want to compromise you they can just trojan a security update (you do install security updates, right...). Of course this is true whatever OS and application software you use. OSX, Apple can compromise you; Debian Linux, the Debian project can compromise you.

Realistically a better question is "is it likely that they want to"?

Rory McCune
  • I'm not at all worried about Microsoft installing trojans on their customers' computers, even though technically it would be trivial. If such a case would become public, it would be a tremendous blow to Microsoft's business, as people would be switching to other operating systems. Creating a backdoor or a weakness in BitLocker for law enforcement to use is a much more credible threat in my opinion. – Miscreant May 05 '17 at 12:07
4

If you don't trust Microsoft, don't use Windows. Using Bitlocker doesn't make you more vulnerable to backdoors that Microsoft may have introduced. Cryptographic software is actually not the best place to put a backdoor: it has a fairly narrow job, it would be impossible to reliably hide what it's doing from someone running a debugger, and it would be rather cumbersome to extract the information that it stores. Sure, Bitlocker might use weaker encryption than what it claims, but someone who wanted your data would still need to have access to your machine to get at least the ciphertext.

If Microsoft wants to plant a backdoor, they can easily put one in the Windows kernel, which they made. It's hard to know what the kernel is doing: you can't trust a debugger that's running inside Windows, you'd have to run it in a virtual machine — and a stealthy backdoor might run differently or simply disable itself in a virtual machine (a lot of malware disables itself if it detects that it's running in a VM). If the system continuously exfiltrates information, even if that's done by the kernel, then it can be detected by network equipment. But if the kernel has a backdoor that makes it start exfiltrating only when it receives a certain signal, that's practically impossible to find out.

To put it another way, “is Bitlocker trustworthy?” is the wrong question. The right question is “is the trusted base of Bitlocker trustworthy?”, and the trusted base of Bitlocker includes a large part of Windows. Singling out Bitlocker doesn't make any sense. (Maybe suspecting Bitlocker is what “they” want you to do, so that you don't protect your data and so make “their” job easier!)

Gilles 'SO- stop being evil'
2

Is Bitlocker trustworthy?

No, because it does not provide source code, therefore you cannot successfully verify if there are default system/admin ways to access it. Auditing it cannot fully cover all aspects, so therefore the audit is only valid from a functionality point of view.

There are alternatives that pre-date it and also offer the source code. If you really want something trustworthy, use one of these alternatives.

Additional note: given what Windows 10 is doing, there's a relatively small chance for Bitlocker not to have a way to be accessed by its designers.

Anders
Overmind
  • I agree with the analysis, I disagree with the conclusion. Is Bitlocker trustworthy? Depends on who you trust. Can Bitlocker be verifiably proven to be trustworthy? HELLS NO. – Aron Jun 08 '16 at 09:19
  • Further point. ***puts on tin foil hat*** Even if the Microsoft devs released the source code it would not be verifiably proven to be trustworthy. There is no guarantee that the software you are running is purely the compiled output of the source they release. The source might have been altered before building (e.g. Chrome vs Chromium). The compiler could have been compromised. The binaries might have been altered, before/during/after installation. – Aron Jun 10 '16 at 05:48
  • That is correct Aron, but at least in that case we could compile our own verified version. Not the case though, since MS will never allow source code release. – Overmind Jun 10 '16 at 06:00
  • Fun fact! If you could build your own, then it wouldn't run on your motherboard (unless you turn off secureboot). Which then opens another can of worms (called rootkit). – Aron Jun 10 '16 at 06:03
  • I never use secureboot. I want to have as much access to my system as possible and I use my own boot, which in conjunction with my command centers prevents probably any rootkits. And no... I don't use anti-virus either. – Overmind Jun 10 '16 at 06:20
  • At the very least your strategy would not protect you against blue pill attacks. Again, I have my tin foil hat securely on. Which is the entire point of secure boot. – Aron Jun 10 '16 at 06:24
  • Why not? I'm quite sure I monitor things well enough to prevent a L1 or 2 PB. My command center informs me if there are any changes to bootloader files, some specifically monitored system/OS files and unauthorized / stealthy memory allocations. There may be something I'm missing, I never exclude that, but I'm confident that such an infiltration is impossible to happen undetected. – Overmind Jun 10 '16 at 06:39
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/40971/discussion-between-aron-and-overmind). – Aron Jun 10 '16 at 06:41
  • Unless OP intends to review the source code themselves, having it available just shifts the trust from the author/vendor to the reviewer (i.e. do you trust the reviewer to have done it right) and also doesn't solve the problem (unless you use the exact build created by the reviewer). Also interested to know what these products are that you're speaking of? – Rory McCune Jun 12 '16 at 18:48
  • As an example product, TrueCrypt is open source and there are even other programs developed with this source base when the initial team stopped development. Practically, you can improve, adapt and compile your own version at any time. – Overmind Jun 14 '16 at 05:45
  • @Overmind _"given what Windows 10 is doing"_ Can you shed some light on that? – 41686d6564 stands w. Palestine Sep 03 '18 at 15:26