HomeWinBuzzer NewsMicrosoft’s BitLocker Can Be Bypassed with $30 FPGA

Microsoft’s BitLocker Can Be Bypassed with $30 FPGA

A security team has discovered it could bypass BitLocker in its basic configuration by using a $30 Field-Programmable Gate Array.

-

Microsoft's encryption tool has a vulnerability where attackers could get around its security without great effort. Researchers discovered they could bypass BitLocker by simply using a $30 Field-Programmable Gate Array (FPGA).

Specifically, the exploit would work only with BitLocker in its basic configuration. This is where the encryption services logs into a PC and unlocks the drive. Users running a more secure configuration require a password login, so are unaffected.

Pulse Security says it could bypass BitLocker through a FPGA chip to find the Windows encryption keys during boot as BitLocker moved from TMP to the Low Pin Count (LPC) bus. Denis Andzakovic of Pulse Security said he could unlock a HP laptop and Microsoft's own Surface Pro 3 with this method.

The researchers admit the flaw has been observed before. However, this new test is different as it shows the vulnerability can be exploited very easily and at little cost. The team recommends users should not use the basic configuration if any information on a PC is sensitive. Instead, users should create a PIN and use two-factor authentication.

FPGA

Switch to Software-Based Encryption

Microsoft is working on avoiding hardware-based problems in BitLocker. In January, the company said would switch the service to software-based encryption.

Windows 10 currently uses hardware-based encryption based on the device being used. However, buried in the Windows 10 19H1 previews is a software-based encryption. BitLocker policy has been updated to reflect the change on Insider releases of Windows 10.

The new policy states that “if you do not configure this policy setting, BitLocker will use software-based encryption.” In other words, if you do not specifically instruct BitLocker to use hardware-based encryption, it won't.

Luke Jones
Luke Jones
Luke has been writing about Microsoft and the wider tech industry for over 10 years. With a degree in creative and professional writing, Luke looks for the interesting spin when covering AI, Windows, Xbox, and more.

Recent News

0 0 votes
Article Rating
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x
Mastodon