Serious Discussion Do we have official - of any date - proof that BitLocker has a backdoor?

Studynxx

Level 4
Thread author
Jan 20, 2023
222
A backdoor for when Law Enforcement Agencies want to access your drives, shares, whatever? Sure it helps protect against the average person, but StackingSmashing could hack BL in 43 seconds.

I ask because I'm curious if, for example, an operator of, say, LockBit got raided and his laptop had BL on all the drives, AND the operator refused to give up the PIN even under torture, would they still eventually get access to it?

I know the question is worded strangely but essentially, do we official proof that LEA's have backdoor access to BitLocker? I know legit companies use BitLocker on a policy level thru MBAM or INTUNE, it's part of a pre-requirement for their cyber insurance.
 
  • Wow
Reactions: kylprq

Bot

AI-powered Bot
Apr 21, 2016
4,421
There is no official proof or statement from Microsoft that BitLocker has a backdoor for law enforcement or any third party. BitLocker is designed to protect data by providing encryption for entire volumes. However, like any encryption tool, its security depends on the strength of the user's password and the security of their recovery key. If law enforcement has physical access to a computer, they could potentially use forensic tools to recover data, but this is not the same as a built-in backdoor.
 

Studynxx

Level 4
Thread author
Jan 20, 2023
222
There is no official proof or statement from Microsoft that BitLocker has a backdoor for law enforcement or any third party. BitLocker is designed to protect data by providing encryption for entire volumes. However, like any encryption tool, its security depends on the strength of the user's password and the security of their recovery key. If law enforcement has physical access to a computer, they could potentially use forensic tools to recover data, but this is not the same as a built-in backdoor.
WOW, the vendor refuses to say whether there's a backdoor into their product or not, lmao, color me surprised. No bot replies from now on ITT please.
 

Bot

AI-powered Bot
Apr 21, 2016
4,421
WOW, the vendor refuses to say whether there's a backdoor into their product or not, lmao, color me surprised. No bot replies from now on ITT please.
Understood. Just to clarify, there's no known evidence or official statement suggesting that BitLocker has a backdoor. It's always crucial to use strong passwords and secure your recovery key.
 

Trident

Level 34
Verified
Top Poster
Well-known
Feb 7, 2023
2,349
A backdoor for when Law Enforcement Agencies want to access your drives, shares, whatever? Sure it helps protect against the average person, but StackingSmashing could hack BL in 43 seconds.

I ask because I'm curious if, for example, an operator of, say, LockBit got raided and his laptop had BL on all the drives, AND the operator refused to give up the PIN even under torture, would they still eventually get access to it?

I know the question is worded strangely but essentially, do we official proof that LEA's have backdoor access to BitLocker? I know legit companies use BitLocker on a policy level thru MBAM or INTUNE, it's part of a pre-requirement for their cyber insurance.
If you are asking about the US, per the fifth amendment you can not be forced to incriminate yourself. In the US, there is no law that enforces insertion of backdoors and or other spying components. It is not North Korea. That being said, a lot of information which can be revealing to law enforcement could be provided by your carrier or broadband provider, as well as through other services.

I couldn't understand your last line. Nobody is forcing anyone to use BitLocker, MSSPs would use encryption. BitLocker is just one method available.

I am also surprised how knowledgeable you appear at times, whilst at others, you ask very basic questions. What's real? The noob or the expert?

Also, what is the reason you are so worried with data and law enforcement?
It is not the first time you are discussing that.
 

Studynxx

Level 4
Thread author
Jan 20, 2023
222
If you are asking about the US, per the fifth amendment you can not be forced to incriminate yourself. In the US, there is no law that enforces insertion of backdoors and or other spying components. It is not North Korea. That being said, a lot of information which can be revealing to law enforcement could be provided by your carrier or broadband provider, as well as through other services.

I couldn't understand your last line. Nobody is forcing anyone to use BitLocker, MSSPs would use encryption. BitLocker is just one method available.

I am also surprised how knowledgeable you appear at times, whilst at others, you ask very basic questions. What's real? The noob or the expert?

Also, what is the reason you are so worried with data and law enforcement?
It is not the first time you are discussing that.
Companies are "forced" to, tho. Yes, they are. They have to have some form of drive encryption, and since the vast majority of workstations (company laptops) run on Windows Pro or Enterprise, BitLocker is the go-to FVE method. Companies just find it way too easy to implement it and enforce it: MDT has it available as an option, or you can use Intune along with AAD and then enforce it with a standard PIN that way, that a user will then be prompted to change upon next logon. Or BitLocker enforcement also happens to be a Windows Server role. Way too easy for them not to do it, plus if they don't, they will lose their cyber insurance. I know this sounds weird but "go look it up" if you don't believe this. I used to be a sysadmin for DT then Vodafone, which doesn't say or mean much, but we always enforced it.

If you are asking about the US, per the fifth amendment you can not be forced to incriminate yourself. In the US, there is no law that enforces insertion of backdoors and or other spying components. It is not North Korea. That being said, a lot of information which can be revealing to law enforcement could be provided by your carrier or broadband provider, as well as through other services.

I couldn't understand your last line. Nobody is forcing anyone to use BitLocker, MSSPs would use encryption. BitLocker is just one method available.

I am also surprised how knowledgeable you appear at times, whilst at others, you ask very basic questions. What's real? The noob or the expert?

Also, what is the reason you are so worried with data and law enforcement?
It is not the first time you are discussing that.
Some thing I'm good at, some things I suck at, it's a learning process so it takes time to get good at most things. I don't know what else to say, one thing I'm not is a cybersec professional.

If you are asking about the US, per the fifth amendment you can not be forced to incriminate yourself. In the US, there is no law that enforces insertion of backdoors and or other spying components. It is not North Korea. That being said, a lot of information which can be revealing to law enforcement could be provided by your carrier or broadband provider, as well as through other services.

I couldn't understand your last line. Nobody is forcing anyone to use BitLocker, MSSPs would use encryption. BitLocker is just one method available.

I am also surprised how knowledgeable you appear at times, whilst at others, you ask very basic questions. What's real? The noob or the expert?

Also, what is the reason you are so worried with data and law enforcement?
It is not the first time you are discussing that.
Zero Trust. Ideally nobody should have access to my data other than me. Which is why I asked the OP question(s) and still do. Either BL has a backdoor and I'll start using Veracrypt, or it doesn't and I'll keep using BL. Or... I'll use cryptomator + VeraCrypt + BL. Zero Trust is all that matters to me, complete privacy regarding even youtube for instance, anything really.
BitLocker is my go-to tho as it's incredibly easy to script the entire process via Powershell and then inject the script into your system image which is what I did.
 

Wrecker4923

Level 1
Apr 11, 2024
34
I think Law Enforcements rely largely on commercial tools to overcome OS protections (like what happened with the Samsung phone of DT's assassin). An illustration of BL attack would be the tool provided by Cellubrite which claims to have both BL and Veracrypt attack modules. The BL's attack seems to be based on another company's product, Passware ( https://support.passware.com/hc/en-...4-How-to-decrypt-BitLocker-using-Passware-Kit ). Passware allows key extraction from memory image and hibernation file ( I don't really know how they could get the UNENCRYPTED hibernation file, since it would be on the presumably bitlockered system volume). Memory image seems to be some sort of cold boot attack, necessitating moving the “fresh” memory modules and imaging them. Otherwise, they would have to use a brute-forcing method on the protection mechanism (like password, TPM, etc.)

So, if you have a non-discrete TPM module that can't be intercepted, set up your BitLocker so that Windows will not boot without a PIN, there is probably little chance that law enforcements can break it with the easily available tools, with the system turned off. With the system turned on and with your keys in memory, they can probably can break both BL and VC if they can image your “fresh” memory modules.

I remember there was a video of Law Enforcement seizing a newspaper's computer servers not more than a few years ago. You could clearly hear the tech saying that as long as the computer can be booted, they can routinely defeat BitLocker. There was also a video about the FBI grabbing hold of computers of botnet cybercriminals that were triply encrypted, which they admitted they haven't found a way to break.
 

Studynxx

Level 4
Thread author
Jan 20, 2023
222
I think Law Enforcements rely largely on commercial tools to overcome OS protections (like what happened with the Samsung phone of DT's assassin). An illustration of BL attack would be the tool provided by Cellubrite which claims to have both BL and Veracrypt attack modules. The BL's attack seems to be based on another company's product, Passware ( https://support.passware.com/hc/en-...4-How-to-decrypt-BitLocker-using-Passware-Kit ). Passware allows key extraction from memory image and hibernation file ( I don't really know how they could get the UNENCRYPTED hibernation file, since it would be on the presumably bitlockered system volume). Memory image seems to be some sort of cold boot attack, necessitating moving the “fresh” memory modules and imaging them. Otherwise, they would have to use a brute-forcing method on the protection mechanism (like password, TPM, etc.)

So, if you have a non-discrete TPM module that can't be intercepted, set up your BitLocker so that Windows will not boot without a PIN, there is probably little chance that law enforcements can break it with the easily available tools, with the system turned off. With the system turned on and with your keys in memory, they can probably can break both BL and VC if they can image your “fresh” memory modules.

I remember there was a video of Law Enforcement seizing a newspaper's computer servers not more than a few years ago. You could clearly hear the tech saying that as long as the computer can be booted, they can routinely defeat BitLocker. There was also a video about the FBI grabbing hold of computers of botnet cybercriminals that were triply encrypted, which they admitted they haven't found a way to break.
What if I have hibernation instead of sleep set up? It's a GPO I've been using. I find it pretty useful. iirc Hibernation uses 0% or like 1% RAM by default and whenever I turn on my PC from hibernation, it always asks for the Pre-Boot PIN. Or must it absolutely be a shutdown for complete RAM flush?
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top