Microsoft downplays Windows BitLocker attack threat

Says German research presents "relatively low risk" to users

Microsoft dismissed recently-disclosed threats to its BitLocker disk-encryption technology as "relatively low risk," noting that attackers must not only have physical access to a targeted PC, but must manipulate the machine two separate times.

The company's move was prompted by a paper published by five German researchers at the Fraunhofer Institute for Secure Information Technology (Fraunhofer SIT), a Darmstadt, Germany-based security company. In the paper, the researchers spelled out multiple attack scenarios criminals could use to access files protected by BitLocker.

BitLocker, which Microsoft debuted in higher-end versions of Windows Vista, is included only in Windows 7 Ultimate and Windows 7 Enterprise, the latter available only to companies and organizations that buy Windows licenses in volume, as well as Windows Server 2008 and Server 2008 R2. The software encrypts disk volumes and locks them with a PIN, a USB-based key device or, if the computer includes one, a Trusted Platform Module (TPM) chip.

The Fraunhofer SIT researchers spelled out five attack possibilities, including one where the attacker boots the PC from a flash drive and replaces the BitLocker bootloader with a substitute bootloader that spoofs the PIN request process, then snatches the PIN and saves it to disk or sends it elsewhere using the computer's wireless connection. Later, the attacker must revisit the PC to use the purloined PIN to access the BitLocker-protected data.
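The scenario above turns on which unlock method a volume uses: a PIN typed before the operating system loads is what the substitute bootloader captures, whereas a TPM-only or startup-key configuration never collects anything from the user at that point. The following PowerShell script is an added example, not code from the article, from Fraunhofer SIT or from Microsoft; it uses the BitLocker module's real `Get-BitLockerVolume` cmdlet (Windows 8 / Server 2012 and later, elevated prompt) to inventory the key protectors on each volume and label the unlock path, so an administrator can see at a glance which machines rely on pre-boot PIN entry. The function name and the wording of the notes are this example's own.

```powershell
# Added example (not the article's or the vendor's code): summarise BitLocker key
# protectors per volume and describe the pre-boot unlock path each one implies.
# Assumes the BitLocker PowerShell module is available and the shell is elevated.

function Get-BitLockerProtectorSummary {
    [CmdletBinding()]
    param()

    foreach ($vol in Get-BitLockerVolume) {
        # KeyProtectorType values are the module's own enum names, e.g.
        # Tpm, TpmPin, TpmStartupKey, TpmPinStartupKey, ExternalKey, RecoveryPassword.
        $types = @($vol.KeyProtector | ForEach-Object { $_.KeyProtectorType.ToString() })

        # Classify the unlock path the way the article describes it:
        # a PIN collected before the OS loads, a USB startup key, or the TPM alone.
        $usesPin        = [bool]($types -match 'Pin')
        $usesStartupKey = [bool]($types -match 'StartupKey|ExternalKey')
        $tpmOnly        = ($types -contains 'Tpm') -and -not $usesPin -and -not $usesStartupKey
        $hasRecovery    = $types -contains 'RecoveryPassword'

        if ($vol.ProtectionStatus -ne 'On') {
            $note = 'protection is off: no pre-boot authentication in effect'
        }
        elseif ($usesPin) {
            $note = 'PIN collected pre-boot (the step the spoofed-bootloader scenario targets)'
        }
        elseif ($tpmOnly) {
            $note = 'TPM-only: volume unlocks without user input'
        }
        elseif ($usesStartupKey) {
            $note = 'startup key on removable media'
        }
        else {
            $note = 'other protector combination'
        }

        [pscustomobject]@{
            MountPoint       = $vol.MountPoint
            VolumeType       = $vol.VolumeType
            ProtectionStatus = $vol.ProtectionStatus
            Protectors       = ($types -join ', ')
            RecoveryPassword = $hasRecovery
            Note             = $note
        }
    }
}

# Usage: run elevated; one row per volume, OS volume first in practice.
Get-BitLockerProtectorSummary | Format-Table -AutoSize
```

The `RecoveryPassword` column is included because a volume without a recovery protector is the one that gets stranded if a hardware change or a re-seal after a firmware update leaves the TPM unable to release the key; the note column only reports the unlock path and does not change any protector.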

Microsoft scoffed at such scenarios.

"This sort of targeted attack poses a relatively low risk to folks who use BitLocker in the real world," said Paul Cooke, a senior director at Microsoft who looks after the operating system's security features.

In a post to the Windows Security blog, Cooke acknowledged that the Fraunhofer SIT researchers were right. "Even with BitLocker's multi-authentication configurations, an attacker could spoof the pre-OS collection of the user's PIN, store this PIN for later retrieval, and then reboot into the authentic collection of the user's PIN. The attacker would then be required to gain physical access to the laptop for a second time in order to retrieve the user's PIN and complete the attack scheme."

Cooke downplayed the threat and argued that the research broke no new ground. "These sorts of targeted threats are not new and are something we've addressed in the past; in 2006 we discussed similar attacks, where we've been straightforward with customers and partners that BitLocker does not protect against these unlikely, targeted attacks."

The Fraunhofer SIT five-some admitted that the attacks they outlined were essentially useless in what they called "opportunistic" attacks, which they defined as "easily obtained under common real-world conditions." Instead, the attack vectors they detailed required physical access to the targeted machine.

They also noted that their attack scenarios didn't exploit an actual vulnerability in BitLocker. "Our attack demonstration does neither imply a bug in BitLocker, nor renders it Trusted Computing useless," said two of the researchers in an entry on the Fraunhofer SIT blog. "BitLocker still works as well as other disk encryption products, it only fails to fulfill an unrealistic, yet common, expectation."

The pair also posted a video demonstrating the spoofed bootloader attack on the blog.

Gregg Keizer

Computerworld (US)