Comments
  • 3
    Didn't know this. But it sounds like it can happen if the machine was physically stolen. What are the chances of stealing data from Bitlocker remotely? Like through an installed backdoor after a phishing attack?
  • 20
    @agentQ If the backdoor is running on a session that has access to the data, so does the backdoor. Fun thought, that malware remotely stealing your data will be encrypted by bitlocker when stored on your drive 😁
  • 10
    @CptFox Exactly. On a semi-related note, it's actually rather simple to bypass anti-data-stealing software made by AVs: copy files to RAM and send off the RAM copy. That's it. That's all it takes to defeat them.
  • 6
    @agentQ Bitlocker (in theory) prevents thieves and malicious authorities from removing the drive from the laptop, plugging it into a different device, and then reading the contents.

    An unencrypted drive allows you to do that, even if the OS has a password (that's just for entering the OS, and doesn't protect data).

    You could view a TPM as a "password lengthener". You could encrypt your hard drive with the password "7777", and the TPM turns that into "777719ae4e5d2c09e8c6144cac0ee663...." (not literally, but you get the idea). You enter the short PIN, the chip makes it more secure.

    TPM chips are supposed to be tamper-proof, really good at keeping that "19ae4e5d2c09e...." part secret.

    Bitlocker doesn't even require the "7777" part, and hardware TPM chips aren't that great at keeping secrets.

    So the better option is full disk encryption using a very very LONG password that's easy to remember, like "sothebetteroptionisfulldiskencryptionusingaveryverylongpasswordthatseasytoremember"
  • 4
    @agentQ

    Also, full disk encryption only protects against data access AFTER power-down.

    Once you enter your decryption key, your disk is accessed continuously by the OS. The TPM still might have a say about decrypting data, but things which are loaded from disk to memory could potentially be a free-for-all-feast, depending on vulnerabilities in the operating system.

    As long as your system is ON, it's only as strong as your operating system's lockscreen, and network access, and memory protection, and firmware for external ports, and.... so many points of failure.
  • 2
    @bittersweet Yup. This entirely.

    However, the above method I posted to defeat anti-data-stealing algos does work for Bitlocker too, so that's why I posted that. I forgot to mention that, though.
  • 1
    See now, these attacks are good on paper, but bitch, how often is your garden variety thief going to know this / have the know-how or even know someone who could do this?

    And even more important, how likely is it that the average laptop is going to be worth doing this to?

    Honestly, sometimes these attacks feel like “sacrifice three albino virgins to the dark lord at the stroke of midnight while hopping on one foot chanting the Macarena backwards”
  • 1
    @Brolls >garden-variety thief
    The word you are looking for is "skidmark". Synonym: "script kiddie".