Is Windows BitLocker secure?

Question

Naturally I feel that I have to ask this question, since it's a built-in feature in Windows. Let's say someone has physical access to my PC, is there an easy way for them to access a BitLocker protected drive without physically tampering with the PC (such as hardware keyloggers)?

The Bitlocker recovery key (allowing decryption) is sent to your Microsoft online account by default on modern Windows. So, they have it. You see if you consider this secure. — Totor, Jan 21 '20 at 16:50

score 23 · Accepted Answer · answered Aug 11 '13 at 15:51

23

There is currently only one cold boot attack I know of that works against bitlocker. However it would need to be executed seconds after the computer has been turned off (it can be extended to minutes if the DRAM modules are cooled down significantly) but due to the timeframe of execution it's rather implausible. Bitlocker is secure as long as your machine is completely turned off when you store it (hibernate is also ok, but sleep needs to be disabled).

answered Aug 11 '13 at 15:51

Lucas Kauffman

54,169
17
112
196

13

Note that cold boot attacks are not specific to BitLocker, but can attack any of the commonly used disc encryption systems. There has been some efforts to keep the encryption key out of the RAM, like TRESOR (http://www1.informatik.uni-erlangen.de/tresor), but those are not ready for productive use yet. – Perseids Aug 11 '13 at 16:31
If the machine is off, there are no non-physical attacks that are effective. Network based attacks require a machine to be available on a network. – this.josh Aug 12 '13 at 06:35
1

→ Lucas, you are answering on the physical access risk & the OQ is focused on this risk. But this is the "north face" for heroes & I-agencies. – dan Jul 07 '14 at 21:00
1

I'd assume BIOS / keyboard firmware malware could also be used to sniff a disk password (or maybe re-decrypt the drive when booted under a specific configuration by an attacker) without involving hardware modifications. – Steve Dodier-Lazaro Apr 23 '15 at 08:55

score 8 · Answer 2 · edited Mar 17 '17 at 10:46

Perhaps you can see my question for some related comments on Bitlocker. I recommend Sami Laiho's talk on Building a Bullet Proof Bitlocker.

In general, Bitlocker is secure and is used by companies all over the world. You can't just extract keys out of the TPM hardware. Evil maid attacks are mitigated also since TPM will validate the pre-boot components to make sure that nothing has been tampered with. Booting into another OS like Linux to extract passwords or the data will not be possible also, since the TPM will not release its keys if it sees you're booting into another OS (even if it is another Windows OS).

If you pass the TPM's integrity check, then the keys will be released to be used for on-the-fly encryption and decryption. Failing which, you get a Bitlocker recovery key lockout, and must supply the recovery key in order to unlock the drive. The attacker should not be in possession of this key. Therefore, never put both the recovery key and your computer together.

Some answers alluded to various forensic tools. However, I am personally not convinced that they work on all systems. For example in TrueCrypt, the key is actually derived from the password which the user keys in. You cannot feasibly brute force AES. As for Bitlocker, the TPM is a hardware solution that stores the key. You can't extract the key with software.

Just to clarify, I am not suggesting that Bitlocker is 100% secure. Even AES crypto may be outwitted by supercomputers, or some systems don't have a TPM, or they may be ways to attack the TPM itself. Whether something is secure or "good enough" depends on your attacker-defender model (assumptions that are made), and how reasonable/feasible/probable those assumptions are. There may be zero-day exploits that no one knows about as well. — Kevin Lee, Dec 20 '16 at 10:16

score 6 · Answer 3 · answered Aug 12 '13 at 01:22

6

There is also the "Evil Maid" attack that could, in theory be used against any software disk encryption, as the boot loader needs to still be unencrypted. See Bruce Schneier's article about it from 2009. http://www.schneier.com/blog/archives/2009/10/evil_maid_attac.html

The general gist of the "Evil Maid" attack is that someone gets ahold of your laptop for a few minutes when it is unattended (for example, in your hotel room, hence the name) and loads a hacked bootloader into it. You then log in with your password via the hacked boot loader and it unlocks the drive, but also writes your password to a .txt file in the unencrypted part of the HDD. You leave your laptop alone again, they steal it with the password.

answered Aug 12 '13 at 01:22

Rod MacPherson

1,057
7
11

1

I use an SSD as a system drive, and then I have another drive for my files. I planned to leave the SSD unencrypted and only encrypt the HDD which holds the important stuff. Does that make the HDD secure? – astralbanana Aug 12 '13 at 20:09
1

@astralbanana No, it doesn't. An attacker can just install a keylogger or other malware on your PC and next time you type in your password, he gets the password anyway. – Florian Wendelborn Aug 07 '16 at 13:03

score 3 · Answer 4 · answered Jul 07 '14 at 20:53

If Windows is running, your drive mounted and hence unencrypted, and if your physical interfaces aren't protected against connection at the OS level, yes there are many ways to get your data out.

The biggest deception point is that this access to your BitLocker protected disk will be much easier through the network than through any physical direct access. As long as Windows is on, it is the "royal" entrance path. This weakness stands for any OS, not just Windows.

Just have a look at the number of bug fixed every month in every OS. Some security expert are today comparing OSes in terms of "bug throughput". And the leader is…

BitLocker software will bring you a real security against the theft of your computer if you strictly abide to the following basic rule:

As soon as you have finished working, completly shut off Windows and allow for every shadow of information to disappear (from RAM, disk caches…) within 2 minutes.

That isn't true. As long as you can boot into Windows (i.e. be prompted to enter your user account password), the Bitlocker keys are already in RAM. When you enter your user crendentials to log into Windows, Windows will hash your password and compare it to the existing hash (which has already been decrypted by Bitlocker). Therefore, an attacker can simply start your computer. To mitigate against this, you may have a pin+TPM, and shut off Windows as you said. However, only certain devices are susceptible to Cold Boot and DMA. Google "Building a Bulletproof Bitlocker" for more info. — Kevin Lee, Jan 13 '15 at 12:05

score 1 · Answer 5 · answered Jun 07 '16 at 01:18

1

It depends what you want to be secure from. Unauthorised copying is what bitlocker is built for and it stops it. Denial of access so nobody can access the data. Not so much. In fact it seems to me to be bit open to that.

answered Jun 07 '16 at 01:18

Peter

11
1

So how would someone access the data of a bitlocker drive without tampering with the PC? – Neil Smithline Jun 07 '16 at 03:24

score 1 · Answer 6 · answered Jul 11 '17 at 20:16

If someone has physical access to your PC, it depends on what YOU will do next:

you won't access it ever again (PC stolen, seized, whatever), then unless they are a governmental entity, they cannot access your data, now. If they keep the disk for a few years, chances are some flaw/bug/vulnerability will have been uncovered by then and they will be able to access your data with ready-made tools and no expertise needed. But maybe there are no bugs and no flaw...
if you will use the PC again, then I hope you had a strong BIOS password, and confidence in that BIOS, because otherwise they could just flash your BIOS with a keylogging one.
you're just off for coffee, just a minute... then they could just wipe your keyboard real clean, wait until your enter your password again, and then distract you while they take a snap of your keys. The dirty keys will be those of your password, even if you entered a few extra keystrokes, this info greatly diminishes the complexity of brute-forcing your password. Also works with UV glowing powder, cheap "invisible" ink, etc.

So basically Bitlocker will stop a casual thief from accessing the drive of your stolen Laptop, but it won't do squat against a determined adversary that has physical access to your machine while you are away.

And note the last two apply to all encryptions that only involve only a password, as well as greatly diminishes the security of smartcard/PIN-only systems if they can steal the smartcard.

score 1 · Answer 7 · answered Mar 19 '19 at 20:15

I haven't seen this mentioned in the previous answers.

In certain cases BitLocker won't encrypt your drive and let the drive encrypt itself using hardware encryption. This is not always done well.

At least according to this link: https://www.howtogeek.com/fyi/you-cant-trust-bitlocker-to-encrypt-your-ssd-on-windows-10/

score 1 · Answer 8 · answered Oct 02 '14 at 20:52

1

Bitlocker certainly isn't because they have law enforcement power point presentations saying they can gain access to it and you certainly don't see the Fed pressuring MS anymore like they are other groups encrypting. Stay open source and research.

http://www.techarp.com/showarticle.aspx?artno=770&pgno=3

answered Oct 02 '14 at 20:52

Llord Eevil

27
1

6

I'll bite. Assume for a minute that the U.S. govt did manage to backdoor the systems called out in that presentation. Knowledge of this would be highly classified and wouldn't be shared with some county sheriff's office in Oregon. Your source is highly suspect. – Levi Oct 03 '14 at 06:52
I agree, I think Microsoft has the key according to http://www.howtogeek.com/199171/heres-why-windows-8.1s-encryption-doesnt-seem-to-scare-the-fbi/ – hardywang Dec 29 '14 at 15:27
2

@hardywang You misunderstood the article: 'New Windows 8.1 devices ship with something called “device encryption” enabled by default. This is different from the BitLocker encryption feature, which is only available in more expensive Professional editions of Windows and not enabled by default.' – Miscreant Jul 29 '15 at 18:58
I'm sorry to comment in such an old post. That linked document mentions dv. "Stu Pitt" and dv. "Laughlin Foo" (last page). Now, I'm not a native English speaker, but don't those names sound a little fake? I guess they could be real, seen weirder things IRL, but given the context... – fede s. Dec 03 '19 at 04:31
And digging around the web, many point out that the article was posted on April Fools day. Wouldn't trust it much. Doesn't mean I'd trust Bitlocker or TrueCrypt, just that this doesn't add anything of value for me. – fede s. Dec 03 '19 at 05:55

score 0 · Answer 9 · answered Aug 11 '13 at 17:38

0

There are two answers: No and Yes.

First to the "Yes": If there is really only one known cold boot attack against bitlocker, it's extremely unrealistic that somebody executes it, and if you're not the president of the US, you're not really endangered.

Second: NO! Even of it's unlikely that you're going to be attacked, it could happen! AND: You're using a Microsoft product. In times of PRISM and NSA you shouldn't really trust them.

TIP: Use a free OS like Fedora and glue your RAM to it's banks.

answered Aug 11 '13 at 17:38

Magnus

109
2

2

I guessed that because it's a Microsoft product, there could be any kinds of backdoors for NSA. Even though I might not have anything seriously illegal on my HDD, it's just a matter of principle. I guess TrueCrypt would be better option. – astralbanana Aug 11 '13 at 17:45
2

@astralbanana What makes you believe Truecrypt is better? The Linux kernel itself had backdooring potential with the RdRand code that Linus Torvalds included. – Luc Aug 11 '13 at 19:55
1

@Luc I'm more confident trusting it since it's open-source, instead of being developed by a huge company that certainly has connections to agencies that would have a motivation to request backdoors. – astralbanana Aug 12 '13 at 17:11
1

@astralbanana I know your comment is old, but I feel like I need to point out that even in 2013, TC was not Open Source. According to OSI president Simon Phipps: "...it is not at all appropriate for [TrueCrypt] to describe itself as "open source." This use of the term "open source" to describe something under a license that's not only unapproved by OSI but known to be subject to issues is unacceptable." – pzkpfw Aug 02 '15 at 13:42

score 0 · Answer 10 · answered Apr 12 '15 at 07:44

0

Currently the only secure way to protect the data on the disk is to use full disk encryption with pre-boot authentication based on credentials stored on a smart card. This protects as well against any DMA attacks via the physical interfaces.

answered Apr 12 '15 at 07:44

Pascal

11

1

Could you please edit your answer to explain *why* this is the only way? – Bob Brown Apr 12 '15 at 14:35
Why is a smart card required and not other methods? – schroeder Apr 12 '15 at 16:16

score -1 · Answer 11 · answered Jul 07 '14 at 20:08

-1

Elcomsoft Forensic Disk Decryptor promises to :

"offer investigators a fast, easy way to access encrypted information stored in crypto containers created by BitLocker, PGP and TrueCrypt."

What's scary, is that this software can be purchased by anyone.

I believe this confirms that there is NO SECURE MEANS OF ENCRYPTING A DISK.

answered Jul 07 '14 at 20:08

Freddie

9

... given certain conditions. Read the section on how it acquires the encryption keys. – schroeder Jul 07 '14 at 20:39
2

"In order to obtain the decryption keys, the encrypted volume must be mounted on the target PC." – dan Jul 07 '14 at 21:08
I tested it multiple time but it was not able to hack my TrueCrypt and Bitlocker drive. Complete bullshit company! Use strong passwords and keys larger then 2048. They, and the NSA will not get in! A company promising it can decrypt PGP or Bitlocker is untrustworthy. Even the NSA is still not able to decrypt PGP!! – Digital Human Jan 14 '15 at 08:04
@DigitalHuman NSA can almost certainly decrypt PGP just fine if they have a copy of your private key ring (obtainable via hacking) and either know, or can guess, your passphrase. It is fairly well established that they have massive password cracking abilities, including for PGP implementations. It also makes sense that they would be able to crack very short keys with relative ease, but such short keys have been discouraged for a very long time now (meaning if you are using such a short key for anything but toy purposes, then you have only yourself to blame). – user Jun 07 '16 at 11:12
Yeah like you say @MichaelKjörling with my key and an idea of my password they could (hell anyone could). Without my private key and password idea they can't. – Digital Human Jun 08 '16 at 12:24
They are not able to create a private key from my PGP encrypted data and decrypt my PGP encrypted data. That just not possible. So, without my private key even the NSA can't do anything as long as you use a key larger then 2048. And even with my private key it will be very hard for them. Make sure you don't use a password but a Diceware passphrase of minimum of 10 words. https://theintercept.com/2015/03/26/passphrases-can-memorize-attackers-cant-guess/ They won't be able to brute-force crack that for at least some time ;) – Digital Human Jun 08 '16 at 12:29

Is Windows BitLocker secure?

11 Answers11

Linked