diTii.com Digital News Hub

Sign up with your email address to be the first to know about latest news and more.

I agree to have my personal information transfered to MailChimp (more information)


Discovering BitLocker drive encryption PIN under Windows

Fraunhofer SIT posted a method for discovering BitLocker drive encryption PIN under Windows. This method even works where Trusted Platform Module (TPM) is used to protect boot process. “An attacker with access to target computer simply boots from a USB flash drive and replaces BitLocker bootloader with a substitute bootloader which mimics BitLocker PIN query process but saves PINs entered by user to disk in unencrypted form. Although BitLocker boot process carries out an integrity check on system, and thereby Windows installation, it doesn’t check bootloader itself – not that actual attack described even gets as far as Windows boot process. Once substitute bootloader has saved victim’s PIN to hard drive, it rewrites original bootloader to MBR and restarts system. Victim may indeed wonder why their computer’s restarting, but then we’ve all seen computers suddenly decide to abort a boot and restart. To get hold of saved PIN, attacker needs to gain access to target computer for a second time, to once more boot up from a USB flash drive and then access hard drive. Computer can then be rebooted and PIN thus obtained used to open up BitLocker, allowing access to protected Windows system.”

More info: Demo and PDF

Share This Story, Choose Your Platform!

Get Latest News

Subscribe to Digital News Hub

Get our daily newsletter about the latest news in the industry.
First Name
Last Name
Email address
Secure and Spam free...