BitLocker, Brossard’s Pre-boot Authentication Research, and the BSI

Attending DEFCON presentations that target a product you use or helped build can be exciting in a bad way. And believe me – knowing the fix has already been shipped reduces that excitement… in a very good way. This is what made Jonathan Brossard’s DEFCON 16 presentation, "Bypassing pre-boot authentication passwords", less exciting for me: I knew the fix had been delivered to customers seven months earlier as part of Windows Vista Service Pack 1. That isn’t the complete story though.

The BitLocker Team collaborates with customers, partners, and world-class security-research organizations to complement its internal security analysis and penetration testing. Sometimes Microsoft initiates the external analysis and other times this work is begun independently. Reports of vulnerabilities flow from various sources through different channels. Each case is usually unique in some way. For instance, sometimes the finder doesn’t want publicity. In other cases, public events change the situation in a way that prompts us to respond publicly.

The password artifact left behind in the firmware (BIOS) keyboard buffer is a real problem: when a pre-boot component reads a PIN through the BIOS keyboard services, the keystrokes stay in the BIOS Data Area keyboard buffer in memory unless something clears them, where software running later in the boot can read them. The BitLocker Team fixed this in Windows Vista SP1 by flushing the PIN from the keyboard buffer once it has been consumed. While Mr. Brossard and his employer iViZ Techno Solutions are due credit and thanks for independently identifying this problem and publicizing their multi-vendor findings, they weren’t the first to report it privately to Microsoft. That credit belongs to the German government’s Federal Office for Information Security (BSI) and the Fraunhofer Institute, who reported this issue to us in 2007. Thanks to their close collaboration with us, we were able to get the fix into Windows Vista SP1 and Windows Server 2008. We are also thankful that iViZ chose to responsibly disclose this to us and to other vendors prior to publicizing their research.
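To make the artifact concrete, here is an added example (not code from this post, from Microsoft, or from Mr. Brossard's paper) that models the legacy BIOS Data Area keyboard ring buffer in user-space C. The head, tail and buffer offsets are the standard BIOS ones; everything else is simulated: the memory is a constructed array, `bios_enqueue_key` and `bios_dequeue_key` stand in for the INT 09h and INT 16h handlers, the typed PIN is constructed input, `recover_residue` is the view an attacker with physical-memory read access would get, and `scrub_keyboard_buffer` is my illustration of the kind of flush the fix describes, not the Vista SP1 implementation.

```c
#include <stdint.h>
#include <string.h>
#include <stdio.h>

/* Standard layout of the legacy BIOS Data Area (segment 0x40, physical 0x400).
 * Only the keyboard ring buffer is modelled; the array below is a constructed
 * stand-in for that memory, not firmware code. */
#define BDA_SIZE      0x100
#define KB_HEAD       0x1A   /* word: offset of the next key INT 16h returns */
#define KB_TAIL       0x1C   /* word: offset of the next free slot           */
#define KB_BUF_START  0x1E   /* 16 slots x 2 bytes: ASCII byte, scan code    */
#define KB_BUF_END    0x3E   /* one past the last slot                       */

static uint8_t bda[BDA_SIZE];

static uint16_t rd16(unsigned off) { return (uint16_t)(bda[off] | (bda[off + 1] << 8)); }
static void wr16(unsigned off, uint16_t v) { bda[off] = (uint8_t)v; bda[off + 1] = (uint8_t)(v >> 8); }
static uint16_t next_slot(uint16_t off) { return (uint16_t)(off + 2 >= KB_BUF_END ? KB_BUF_START : off + 2); }

/* Power-on state: empty ring, head == tail == first slot. */
static void bda_reset(void) {
    memset(bda, 0, sizeof bda);
    wr16(KB_HEAD, KB_BUF_START);
    wr16(KB_TAIL, KB_BUF_START);
}

/* Model of INT 09h: store (ascii, scancode) at tail. Returns 0 if the ring is full. */
static int bios_enqueue_key(uint8_t scancode, uint8_t ascii) {
    uint16_t tail = rd16(KB_TAIL), next = next_slot(tail);
    if (next == rd16(KB_HEAD)) return 0;          /* full: 15 usable slots */
    bda[tail] = ascii;
    bda[tail + 1] = scancode;
    wr16(KB_TAIL, next);
    return 1;
}

/* Model of INT 16h AH=00h: hand back the key at head and advance head.
 * Note what it does NOT do: the consumed slot keeps its bytes. */
static int bios_dequeue_key(uint8_t *ascii) {
    uint16_t head = rd16(KB_HEAD);
    if (head == rd16(KB_TAIL)) return 0;          /* empty */
    *ascii = bda[head];
    wr16(KB_HEAD, next_slot(head));
    return 1;
}

/* A pre-boot component reading a PIN through the BIOS: the user "types"
 * (constructed input; scan codes are not modelled and passed as 0), then the
 * loader consumes keys until Enter. Returns the PIN length. */
static size_t preboot_read_pin(const char *typed, char *pin, size_t pinsz) {
    size_t n = 0;
    uint8_t c;
    for (const char *p = typed; *p; p++) bios_enqueue_key(0, (uint8_t)*p);
    while (bios_dequeue_key(&c) && c != '\r')
        if (n + 1 < pinsz) pin[n++] = (char)c;
    pin[n] = '\0';
    return n;
}

/* The attacker's view: anyone who can read physical memory (a kernel driver or
 * /dev/mem, i.e. administrative privileges) walks the 32-byte region and
 * collects the ASCII byte of every slot in buffer order, ignoring head/tail. */
static size_t recover_residue(char *out, size_t outsz) {
    size_t n = 0;
    for (unsigned off = KB_BUF_START; off < KB_BUF_END; off += 2) {
        uint8_t a = bda[off];
        if (a >= 0x20 && a < 0x7F && n + 1 < outsz) out[n++] = (char)a;
    }
    out[n] = '\0';
    return n;
}

/* The mitigation: after the PIN has been consumed, overwrite every slot and
 * reset the ring. A volatile loop is used so the compiler cannot drop the
 * writes as dead stores, which it may do with a plain memset. */
static void scrub_keyboard_buffer(void) {
    volatile uint8_t *p = &bda[KB_BUF_START];
    for (unsigned i = 0; i < KB_BUF_END - KB_BUF_START; i++) p[i] = 0;
    wr16(KB_HEAD, KB_BUF_START);
    wr16(KB_TAIL, KB_BUF_START);
}

int main(void) {
    char pin[32], res[32];
    bda_reset();
    preboot_read_pin("1234\r", pin, sizeof pin);   /* constructed PIN entry */
    recover_residue(res, sizeof res);
    printf("PIN consumed by loader: %s, residue visible to the OS: \"%s\"\n", pin, res);
    scrub_keyboard_buffer();
    recover_residue(res, sizeof res);
    printf("after scrub, residue: \"%s\"\n", res);
    return 0;
}
```

The point the model makes is that "empty" and "clean" are different states: after `preboot_read_pin` the ring reports empty (head equals tail), yet every PIN byte is still in place for `recover_residue`. Only an explicit overwrite removes it, which is why the fix has to be done by the pre-boot component before it hands off to the operating system.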

There is an element of Mr. Brossard’s findings that is often ignored or misunderstood: the full, end-to-end attack that modifies boot components requires administrative privileges (root on the non-Windows systems) on every operating system covered in his presentation, including Windows. Mr. Brossard made this clear during his DEFCON 16 presentation and in the associated white paper. On Windows, administrative privileges are required to write to the MBR and the other boot components. Even if offline modification is considered, BitLocker in its TPM modes detects unauthorized changes to the boot components during its integrity check at startup: the TPM measurements no longer match the values the volume master key was sealed against, so the key is not released and the system enters recovery instead of unlocking.

The prerequisite of administrative privileges makes the BitLocker PIN attack much less interesting. An attacker who already has administrative privileges could read the disk encryption keys directly or, more simply, turn BitLocker off; recovering the PIN from the keyboard buffer gives her nothing she could not obtain more easily. I’m not trying to dismiss Mr. Brossard’s findings; the password artifact is a real problem that has to be addressed by a wide variety of vendors. But from a BitLocker TPM + PIN point of view, the vector offers little to an attacker who doesn’t already have administrative privileges.

-- Douglas MacIver
-- BitLocker Test Team
-- Microsoft Corporation