Germans devise attacks on Windows BitLocker

reghakr

reghakr

New member
Local time
10:14 PM
Messages
1,614
Location
Pennsylvania
German researchers have devised five methods that determined attackers can use to bypass hard-drive encryption in recent versions of Microsoft operating systems. The methods, laid out by a research team from the Frauenhofer Institute
for Security Information

Technology, can be used to access files protected by BitLocker drive encryption... … The researchers stress that the strategies are useful only for targeted attacks, such as those used in industrial espionage, where an attacker is willing to devote considerable effort to breaching a single individual's security. … Among the methods discussed is what they call a "hardware-level phishing attack," in which a target machine is replaced with a counterfeit one that provides precisely the same messages and prompts that the original machine would have produced. The imposter machine captures user input and relays it to the attacker, who then uses it on the real machine.

Date: 5 December 2009

More............http://www.theregister.co.uk/2009/12/05/windows_bitlocker_attacks/
 

My Computer

Computer Manufacturer/Model Number
Cheap $399.00 E-Machine
OS
Windows 7 Pro & Vista Home Premium
CPU
Athlon 64 3800+ (Orleans) 2.40GHz
Motherboard
Winfast
Memory
2GB DDR2 RAM DIMM
Graphics Card(s)
NVIDIA GeForce 8500 GT 512 MB memory HDMI out
Sound Card
creative X-Fi Exteme 7..1 channel
Monitor(s) Displays
Acer V223W 22" widescreen DVI
Screen Resolution
1680x1050
Hard Drives
WDC WD5 500GB
WDC WD25 250GB
PSU
OCZ 550 watt
Case
Gateway
Cooling
2 fans
Keyboard
Dell
Mouse
Sony Vaio
Internet Speed
18MB/s down - .72MB /s up
Wow... the old "fake ui to grab password" trick, impressive. They come up with that all by themselves?

That is a standard attack on any and all systems local and ESPECIALLY web based now and probably for all time.

Sounds like someone is looking to generate publicity for themselves... :(
 

My Computer

Computer Manufacturer/Model Number
Scratch built
OS
Windows 7 x64 Ultimate
CPU
i7 960
Motherboard
Asus P6X58D
Memory
12 Gig Corsair Dominator
Graphics Card(s)
Nvidia 480
Sound Card
Maudio Delta 44 + breakout box
Monitor(s) Displays
Dell UltraSharp U2410 24in and Samsung 21 dual monitors
Screen Resolution
1920x1200 and 1280x1024
Hard Drives
Primary: Intel X-25M G2 160G SSD
Secondary: Segate baracuda 1.0 TB
HDs in AHCI mode.
PSU
Corasair TX850
Case
Cooler Master HAF
Cooling
Corsair H50
Keyboard
Logitech G15 + N52 game pad
Mouse
Logitech MX518
Internet Speed
15kbs down 4.5kbps up
Other Info
WEI 7.6
CPU & RAM 7.6
Graphics 7.9
Hard disk 7.7
This actually paints Bittlocker in quite a good light - given the physical access to the machine that this type of attack demands, (replacing the machine with a clone), and still having to rely on a "phishing" type of attack, rather than simply removing the HDD and cracking the encryption - shows that the actual encryption algorithm used is good.
 

My Computers

System One System Two

  • Computer type
    PC/Desktop
    Computer Manufacturer/Model Number
    ChillBlast - Custom to my design
    OS
    Windows 11 Pro x64 [Latest Release and Release Preview]
    CPU
    Ryzen 9 5950X, 3.8 - 5.2 MHz
    Motherboard
    Asus Prime X570-Pro
    Memory
    64GB [2 x 32GB] DDR4 3200MHz
    Graphics Card(s)
    4GB NVIDIA GEFORCE GTX 1650 Ti
    Sound Card
    On-board SPDIF to 5.1 System + HDMI [5.1 system]
    Monitor(s) Displays
    32" UHD 32 Bit HDR Monitor + 43" UHD 4K 32Bit HDR TV
    Screen Resolution
    2 x 3840 x 2160 @60Hz
    Hard Drives
    1TB M2 SSD OS, 500GB Fast Access SSD, 2 x 8TB Data + Various Externals from 1TB to 4TB, 10TB NAS
    PSU
    NZXT C750 80 PLUS Gold 750W Modular PSU
    Case
    Workstation Case [Matt Black]
    Cooling
    NZXT Kraken X63 280mm CPU Cooler +2x Quiet Case fans
    Keyboard
    Logitech Wireless MX Keys & K400 + others
    Mouse
    Logitech Wireless MX Master 3S
    Internet Speed
    920 MB Down 50 MB Up
    Antivirus
    BitDefender Total Security Pro
    Browser
    Chrome (always run latest Non-Beta)
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    Samsung 10.2" tablet
    Blackview TAB 8 4G Android Tablet c/w Keyboard
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control
  • Computer type
    Laptop
    System Manufacturer/Model Number
    Dell XPS 17 10750H
    OS
    Windows 11 Pro x64 Latest RP
    CPU
    Intel I7 10750H 5.0GHz
    Motherboard
    Dell XPS
    Memory
    32GB [2x16GB] DDR4 2933 MHz
    Graphics Card(s)
    nVidia GTX1650Ti 4 GB GDDR6
    Sound Card
    Stock [Realtek] 4 Speaker
    Monitor(s) Displays
    17" IPS UHD+ Infinity Edge Touchscreen
    Screen Resolution
    3840 x 2400
    Hard Drives
    2TB M2 NVMe, 4TB External + various 500GB & 1TB External NVMe (also have access to spinner HDD from
    PSU
    Stock
    Case
    Stock XPS Aluminium & Carbon Fibre
    Cooling
    Stock - Active Fan Control
    Keyboard
    Backlit + Various Logitech
    Mouse
    Stock Track Pad + Logitech MX Trackball
    Internet Speed
    72 MB Down 18MB Up
    Browser
    Chrome
    Other Info
    Also run ...
    Laptop - Quad 8GB - Windows 10 Pro x64
    Nexus 7 Android tablet x2
    10.2" tablet
    Sony Z3 Android Smartphone
    Wacom Intuos Pro Medium Pen Pad
    Wacom Intuos Pro Small Pen Pad
    Wacom Expresskeys Remote
    Loopdeck+ Graphics Controller
    Shuttle Pro v2 Control Pad
    10TB NAS
I think it's more of a weak publicity stunt than anything else...

More likely than not might be an NSA engineered back door into Bitlocker, in spite of Microsofts claims to the contrary!

It wasn't all that many years ago the US Gov't prohibited the export of software such as PGP or other encryption packages, can't really see that they'd allow Microsoft to receive exceptional treatment on a global product which could well be used by some unsavoury characters known to the FBI etc... :rolleyes:
 

My Computer

Computer Manufacturer/Model Number
Custom built machine
OS
W7 x64
CPU
Intel Q9300 2.5Ghz Quad LGA775 (Would like Q9650)
Motherboard
Gigabyte GA-EP45T-UD3R (F6 Bios)
Memory
4Gb OCZ Gold 1,333Mhz
Graphics Card(s)
Palit HD4850 O/C Sonic 512Mb DDR3, Dual DViD's
Sound Card
Azalia to twin Samson 50w Studio Monitors
Monitor(s) Displays
Twin Dell (E-IPS) U2311H 23.6" Screens
Screen Resolution
1920 x 1080 @ 60Hz
Hard Drives
Crucial M4 SSD, archives on twin Western Digital Caviar Black WD2002FAEX, 2TB, 7200rpm HDD's, Samsung Ritemaster CD/DVD Burner...
PSU
OCZ 600w
Case
Lian-Li PC8 acoustifoamed' aluminium tower
Cooling
Scythe 140mm Zipang
Keyboard
Cherry PS/2 custom model
Mouse
Lenovo USB laser "Thinkpad" Mouse
Internet Speed
ADSL2+ @14Mbps downstream & Cat6 Gigabit Ethernet
Antivirus
NOD32
Browser
Opera
Other Info
Silicon Dust HD Homerun Dual FTA (Ethernet) TV Tuners, Dray Tek Vigor 2850Vn router and 8x HP Gigabit Switch. Lian-Li CR26 Card Reader, Canon MF4430 iSensys laser printer/scanner.
Das is NICHT in Ordnung

Cheers
jimbo
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Custom built, several laptops HP/ASUS
OS
Linux CENTOS 7 / various Windows OS'es and servers
CPU
Intel i7 Intel i5
Memory
8GB, 16GB
Graphics Card(s)
On Motherboard
Sound Card
Realtek HD audio
Monitor(s) Displays
Apple Cinema display, Samsung LCD
Screen Resolution
1920 X 1080
Hard Drives
4 X 1TB SATA
Mouse
Toshiba wireless laser
Internet Speed
> 20MB up
Here I though Softpedia was a decent site.

I can almost guarantee you that the forensic tool is only available to forensic investigator's and law enforcement.

When you ckick on the forensic link it is limited to

Office Password Cracker - for Microsoft Excel, PowerPoint,
Word, Outlook, Access. More..
- for Microsoft Excel, PowerPoint,
Word, Outlook, Access. More..
 

My Computer

Computer Manufacturer/Model Number
Cheap $399.00 E-Machine
OS
Windows 7 Pro & Vista Home Premium
CPU
Athlon 64 3800+ (Orleans) 2.40GHz
Motherboard
Winfast
Memory
2GB DDR2 RAM DIMM
Graphics Card(s)
NVIDIA GeForce 8500 GT 512 MB memory HDMI out
Sound Card
creative X-Fi Exteme 7..1 channel
Monitor(s) Displays
Acer V223W 22" widescreen DVI
Screen Resolution
1680x1050
Hard Drives
WDC WD5 500GB
WDC WD25 250GB
PSU
OCZ 550 watt
Case
Gateway
Cooling
2 fans
Keyboard
Dell
Mouse
Sony Vaio
Internet Speed
18MB/s down - .72MB /s up
You must log in or register to reply here.
Back
Top