Researchers get around BitLocker, TPM combination
Microsoft BitLocker drive encryption is found in the Enterprise and Ultimate versions of Windows Vista and Windows 7. The technology was designed to encrypt the entire hard disk, protecting the confidential information on it from being leaked if a laptop is lost or stolen. On top of that, the TPM, or Trusted Platform Module, is a physical chip created specifically to store the decryption keys for added security.
The security test lab of Fraunhofer SIT, however, has published a technique for circumventing the BitLocker technology, even when it is used with a TPM. In a statement, Fraunhofer SIT researchers Jan Steffan and Jan Trukenmüller were quick to point out that their attack does not demonstrate any form of bug in BitLocker or in the idea behind the Trusted Platform Module.
To be clear, the attack relies on what is termed an 'Evil Maid' scenario, where an attacker has physical access to the laptop not just once, but twice. A plausible scenario would see the attacker posing as the maid in a hotel room, hence the 'Evil Maid' moniker.
The idea is to boot up the laptop from a USB flash drive, for instance, and replace the boot loader with one that records the user-provided key onto an unencrypted portion of the hard disk. A second visit retrieves the key, which opens the door to the encrypted data.
In this context, BitLocker-protected laptops that are simply misplaced are not affected, since the perpetrator never gets the chance to steal any decryption keys in the first place. For now, though, it would be a good idea to disable booting from USB or DVD drives by default, and to lock down access to the BIOS with a password.
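As an added illustration, not part of the original article or of Fraunhofer SIT's work, the following simplified Python model of TPM 1.2 PCR extension and key sealing shows why a replaced boot loader never receives the TPM-held key, and therefore why the researchers call this an attack on the user's typed secret rather than a TPM flaw. The boot components, measurement chain and sealed key are constructed stand-ins, not real BitLocker data.

```python
import hashlib

# Constructed sample boot components: stand-ins for a firmware image and for
# a genuine versus a replaced boot loader. Contents are arbitrary.
FIRMWARE = b"platform firmware image (constructed sample)"
GENUINE_BOOT_LOADER = b"genuine boot loader image (constructed sample)"
MODIFIED_BOOT_LOADER = b"replaced boot loader image (constructed sample)"


def pcr_extend(pcr: bytes, component: bytes) -> bytes:
    """TPM 1.2 extend operation: PCR_new = SHA-1(PCR_old || SHA-1(component))."""
    return hashlib.sha1(pcr + hashlib.sha1(component).digest()).digest()


def measure_boot_chain(components) -> bytes:
    """Measure each boot component in order into a single PCR (starts at zeros)."""
    pcr = bytes(20)
    for component in components:
        pcr = pcr_extend(pcr, component)
    return pcr


class SealedKey:
    """Model of a key sealed to an expected PCR value: the TPM releases the
    key only when the measured boot chain matches the one it was sealed to."""

    def __init__(self, key: bytes, expected_pcr: bytes):
        self._key = key
        self._expected_pcr = expected_pcr

    def unseal(self, current_pcr: bytes):
        return self._key if current_pcr == self._expected_pcr else None


def boot_and_unseal(boot_loader: bytes, sealed: SealedKey):
    """Simulate one boot: measure firmware and loader, then ask the TPM for the key."""
    return sealed.unseal(measure_boot_chain([FIRMWARE, boot_loader]))


def demo() -> dict:
    # The volume key is sealed against the genuine measurement chain (constructed).
    volume_key = b"volume master key (constructed sample)"
    sealed = SealedKey(volume_key, measure_boot_chain([FIRMWARE, GENUINE_BOOT_LOADER]))
    return {
        # Genuine loader: measurements match, the TPM hands over the key.
        "genuine_boot_unseals": boot_and_unseal(GENUINE_BOOT_LOADER, sealed) == volume_key,
        # Replaced loader: PCR differs, the TPM refuses. What the TPM cannot
        # protect is a PIN the user types into the replaced loader, which is why
        # the attack needs a second visit and why BitLocker's TPM use is not at fault.
        "modified_boot_unseals": boot_and_unseal(MODIFIED_BOOT_LOADER, sealed) is not None,
    }
```

Real BitLocker seals the volume master key to several PCRs and, in TPM+PIN mode, also binds it to the PIN; the single-PCR chain here is a deliberate simplification.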
For more on this story:
- check out this article at ZDNet UK