Do we have official - of any date - proof that BitLocker has a backdoor?
<blockquote data-quote="Wrecker4923" data-source="post: 1097976" data-attributes="member: 110877"><p>I think law enforcement relies largely on commercial tools to overcome OS protections (like what happened with the Samsung phone of DT's assassin). An illustration of a BL attack would be the tool provided by Cellebrite, which claims to have both BL and VeraCrypt attack modules. The BL attack seems to be based on another company's product, Passware ( <a href="https://support.passware.com/hc/en-us/articles/360024316834-How-to-decrypt-BitLocker-using-Passware-Kit" target="_blank">https://support.passware.com/hc/en-us/articles/360024316834-How-to-decrypt-BitLocker-using-Passware-Kit</a> ). Passware allows key extraction from a memory image and hibernation file (I don't really know how they could get the UNENCRYPTED hibernation file, since it would be on the presumably bitlockered system volume). The memory image seems to be some sort of cold boot attack, necessitating moving the “fresh” memory modules and imaging them. Otherwise, they would have to use a brute-forcing method on the protection mechanism (like password, TPM, etc.)</p><p></p><p>So, if you have a non-discrete TPM module that can't be intercepted, and set up your BitLocker so that Windows will not boot without a PIN, there is probably little chance that law enforcement can break it with the easily available tools, with the system turned off. With the system turned on and with your keys in memory, they can probably break both BL and VC if they can image your “fresh” memory modules.</p><p></p><p>I remember there was a video of law enforcement seizing a newspaper's computer servers not more than a few years ago. You could clearly hear the tech saying that as long as the computer can be booted, they can routinely defeat BitLocker.
There was also a video about the FBI grabbing hold of computers of botnet cybercriminals that were triply encrypted, which they admitted they haven't found a way to break.</p></blockquote><p></p>
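The post above contrasts a TPM-only setup, which unlocks whenever the machine boots, with a setup that requires a PIN before Windows starts. The following is an added example, not part of the original post, that audits the OS volume for that distinction. `Get-BitLockerPosture` is a hypothetical helper name, and reading `HibernateEnabled` from the registry as the hibernation indicator is an assumption.

```powershell
#Requires -RunAsAdministrator
# Added example: report whether the OS volume needs a pre-boot PIN or
# unlocks from the TPM alone. Get-BitLockerPosture is a hypothetical name.

function Get-BitLockerPosture {
    param([string]$MountPoint = $env:SystemDrive)

    $vol   = Get-BitLockerVolume -MountPoint $MountPoint -ErrorAction Stop
    $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

    # Protector types that make the user enter a PIN before Windows boots.
    $pinTypes = 'TpmPin', 'TpmPinStartupKey'
    $hasPin   = [bool]($types | Where-Object { $_ -in $pinTypes })
    $tpmOnly  = ($types -contains 'Tpm') -and -not $hasPin
    $active   = ($vol.ProtectionStatus -eq 'On')

    # Assumption: HibernateEnabled reflects whether a hibernation file
    # (a copy of RAM contents, keys included) can be written to disk.
    $power = Get-ItemProperty -Path 'HKLM:\SYSTEM\CurrentControlSet\Control\Power' `
                              -Name HibernateEnabled -ErrorAction SilentlyContinue
    $hibernate = ($null -ne $power) -and ($power.HibernateEnabled -eq 1)

    $finding = if (-not $active) {
        'BitLocker protection is off or suspended on this volume.'
    } elseif ($hasPin) {
        'Pre-boot PIN required: booting the machine alone does not release the key.'
    } elseif ($tpmOnly) {
        'TPM-only: the volume unlocks whenever the machine is booted.'
    } else {
        'No TPM protector found: review the protector list manually.'
    }

    [pscustomobject]@{
        MountPoint         = $vol.MountPoint
        VolumeStatus       = $vol.VolumeStatus
        ProtectionOn       = $active
        Protectors         = $types -join ', '
        PreBootPin         = $hasPin
        TpmOnly            = $tpmOnly
        HibernationEnabled = $hibernate
        Finding            = $finding
    }
}

Get-BitLockerPosture | Format-List
```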