Microsoft’s BitLocker encryption tool has a vulnerability where attackers could get around its security without great effort. Researchers discovered they could bypass BitLocker by simply using a $30 Field-Programmable Gate Array (FPGA).
Specifically, the exploit works only against BitLocker in its basic configuration, in which the encryption service unlocks the drive automatically when the PC starts. Users running a more secure configuration that requires a password login are unaffected.
Pulse Security says it could bypass BitLocker by using an FPGA chip to capture the Windows encryption keys during boot as they moved from the TPM across the Low Pin Count (LPC) bus. Denis Andzakovic of Pulse Security said he could unlock an HP laptop and Microsoft’s own Surface Pro 3 with this method.
The researchers admit the flaw has been observed before. However, this new test is different as it shows the vulnerability can be exploited very easily and at little cost. The team recommends that users not rely on the basic configuration if any information on a PC is sensitive. Instead, users should create a PIN and use two-factor authentication.
Switch to Software-Based Encryption
Microsoft is working on avoiding hardware-based problems in BitLocker. In January, the company said it would switch the service to software-based encryption.
Windows 10 currently uses hardware-based encryption depending on the device being used. However, buried in the Windows 10 19H1 previews is a change to software-based encryption. BitLocker policy has been updated to reflect the change on Insider releases of Windows 10.
The new policy states that “if you do not configure this policy setting, BitLocker will use software-based encryption.” In other words, if you do not specifically instruct BitLocker to use hardware-based encryption, it won’t.
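As an added example (not code from the article or from Pulse Security), the PowerShell below audits a machine for the two conditions discussed above: an operating system volume protected by the TPM alone, which is the basic configuration the researchers advise against, and volumes using hardware-based encryption. It assumes an elevated session on Windows with the built-in BitLocker module; the function name `Get-BitLockerExposure` and its output field names are illustrative.

```powershell
#Requires -RunAsAdministrator
# Added example: classify BitLocker volumes by how they unlock, using the
# built-in Get-BitLockerVolume cmdlet. Names below are illustrative.

function Get-BitLockerExposure {
    param(
        # Volume objects to assess; defaults to every volume on this machine.
        [object[]] $Volume = (Get-BitLockerVolume)
    )

    # TPM protector types that also demand a pre-boot secret from the user.
    $preBoot = 'TpmPin', 'TpmStartupKey', 'TpmPinStartupKey'

    foreach ($v in $Volume) {
        # Stringify enum values so the comparisons below are plain string tests.
        $types = @($v.KeyProtector | ForEach-Object { [string]$_.KeyProtectorType })

        if ("$($v.VolumeStatus)" -eq 'FullyDecrypted') {
            $unlock = 'NotEncrypted'
        } elseif ($types | Where-Object { $_ -in $preBoot }) {
            $unlock = 'TpmWithPreBootAuth'   # PIN and/or startup key required
        } elseif ($types -contains 'Tpm') {
            $unlock = 'TpmOnly'              # unlocks at boot with no user input
        } else {
            $unlock = 'NoTpmProtector'       # e.g. password-protected data volume
        }

        [pscustomobject]@{
            MountPoint  = $v.MountPoint
            VolumeType  = "$($v.VolumeType)"
            Protection  = "$($v.ProtectionStatus)"
            Unlock      = $unlock
            HardwareEnc = ("$($v.EncryptionMethod)" -eq 'HardwareEncryption')
            Protectors  = $types -join ','
        }
    }
}

$report = Get-BitLockerExposure
$report | Format-Table -AutoSize

# An OS volume relying on the TPM alone is the basic configuration described above.
$atRisk = @($report | Where-Object { $_.VolumeType -eq 'OperatingSystem' -and $_.Unlock -eq 'TpmOnly' })
if ($atRisk.Count -gt 0) {
    Write-Warning ("TPM-only OS volume(s): {0}. Add a pre-boot PIN." -f ($atRisk.MountPoint -join ', '))
}
```

Adding a PIN protector only works once the "Require additional authentication at startup" Group Policy setting permits a startup PIN with the TPM.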